[Security Vulnerability Alert] In January 2016, major industrial control system manufacturers such as Siemens, Schneider Electric, and Aveva successively released multiple security patch announcements for their ICS products.

 
2026/1/29 ~ 2026/7/29
View Count:29

Forwarded from the National Cybersecurity Information Sharing and Analysis Center: Cybersecurity Alert NISAC-200-202601-00000294

[Content Description]
In January 2016, major industrial control system manufacturers such as Siemens, Schneider Electric, and Aveva successively released multiple security patch announcements for their ICS products.

[Affected Platforms]
#Siemens
CVE-2025-40942 Siemens TeleControl Server Basic
CISA CVE-2025-40944 Siemens SIMATIC and SIPLUS products
CISA CVE-2025-40935 Siemens RUGGEDCOM ROS
CISA CVE-2025-40830, CVE-2025-40831 Siemens SINEC Security Monitor
CISA CVE-2025-40891, CVE-2025-40892, CVE-2025-40893, CVE-2025-40898 Siemens RUGGEDCOM APE1808 Devices
CISA CVE-2025-40805 Siemens Industrial Edge Devices
CISA CVE-2025-40805 Siemens Industrial Edge Device Kit

#Schneider Electric
CVE-2025-13844, CVE-2025-13845 Schneider Electric EcoStruxure Power Build Rapsody
CISA CVE-2018-12130 Schneider Electric EcoStruxure Foxboro DCS
CISA CVE-2022-4046, CVE-2023-28355, CVE-2022-47378, CVE-2022-47379, CVE-2022-47380, CVE-2022-47381, CVE-2022-47382, CVE-2022-47383, CVE-2022-47384, CVE-2022-47386, CVE-2022-47387, CVE-2022-47388、 CVE-2022-47389, CVE-2022-47390, CVE-2022-47385, CVE-2022-47392, CVE-202 2-47393, CVE-2022-47391, CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549, CVE-2023-37550, CVE-2023-37551, CVE-2023-37552, CVE-2023-37553, CVE-2023-37554, CVE-2023-37555, CVE-2023-37556, CVE-2023-37557, CVE-2023-37558, CVE-2023-37559, CVE-2023-3662, CVE-2023-3663, CVE-2023-3669, CVE-2023-3670 Schneider Electric devices using CODESYS Runtime
CISA CVE-2025-13905 Schneider Electric EcoStruxure Process Expert

#Aveva
CVE-2025-61937, CVE-2025-64691, CVE-2025-61943, CVE-2025-65118, CVE-2025-64729, CVE-2025-65117, CVE-2025-64769 AVEVA Process Optimization

[Recommended Actions]
If you have confirmed ownership of an affected device, it is recommended that you follow the detailed instructions in the manufacturer's announcement to implement appropriate patching or protective measures without affecting the device's operation, in order to prevent attackers from exploiting known vulnerabilities to gain access to the system.

[References]
1. https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-03
2. https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-04
3. https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-05
4. https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-06
5. https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-07
6. https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-08
7. https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-09
8. https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-10
9. https://www.cisa.gov/news-events/ics-advisories/icsa-26-020-01
10. https://www.cisa.gov/news-events/ics-advisories/icsa-26-020-02
11. https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-01
12. https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01

Files
None
【Back】
Top↑