"Only Siemens, Schneider Electric, CISA, and CERT@VDE have published new ICS security advisories for the May 2026 Patch Tuesday. Siemens has published 18 new security advisories, and several of them describe critical vulnerabilities. The company has addressed critical issues in Sentron 7KT PAC1261 Data Manager (device takeover), Simatic S7 PLC web server (XSS), Ruggedcom Rox (command execution as root, old vulnerabilities in third-party components), ROS# (arbitrary file access), Simatic CN4100 (over 300 third-party component flaws), and Opcenter RDnL (missing authentication)."
"Siemens has also informed customers that its Ruggedcom APE1808 product is affected by the recently disclosed Palo Alto Networks PAN-OS vulnerability that has been exploited in the wild, possibly by Chinese state-sponsored hackers. High-severity vulnerabilities that can be exploited for remote code execution have been resolved in Simcenter Femap, Teamcenter, gPROMS Web Applications Publisher, and Ruggedcom Rox. A high-severity flaw in KACO Blueplanet inverters can lead to information disclosure, and users have been informed about a control panel escape issue affecting Simatic HMI Unified Comfort."
"Schneider Electric has published four new advisories. Three of them address high-severity vulnerabilities in EcoStruxure Panel Server (sensitive information exposure), EasyLogic T150 and Saitel DP RTU (unauthorized file access), and EasyLogic, PowerLogic, Easergy, and EcoStruxure products (session hijacking). A medium-severity information disclosure flaw has been patched in Ecostruxure Machine Expert HVAC."
"CISA has published advisories for several ABB product vulnerabilities over the past two weeks. On Patch Tuesday, it also released advisories for security holes found in products from Subnet Solutions, Fuji Electric, Maxhub, and Johnson Controls. Germany's CERT@VDE published a new advisory to describe a medium-severity DoS flaw in Codesys Modbus."
Only Siemens, Schneider Electric, CISA, and CERT@VDE published new ICS security advisories for the May 2026 Patch Tuesday. Siemens issued 18 new advisories, including critical vulnerabilities affecting Sentron 7KT PAC1261 Data Manager, Simatic S7 PLC web server, Ruggedcom Rox, ROS#, Simatic CN4100, and Opcenter RDnL. Siemens also warned that Ruggedcom APE1808 is affected by a Palo Alto Networks PAN-OS vulnerability exploited in the wild. High-severity remote code execution issues were fixed in Simcenter Femap, Teamcenter, gPROMS Web Applications Publisher, and Ruggedcom Rox. Schneider Electric released four advisories covering EcoStruxure Panel Server, EasyLogic T150, Saitel DP RTU, and multiple product lines, including session hijacking. CISA published advisories for ABB, Subnet Solutions, Fuji Electric, Maxhub, and Johnson Controls. CERT@VDE issued a medium-severity denial-of-service advisory for Codesys Modbus.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]