Industrial giants Siemens, Schneider Electric, Phoenix Contact, and Aveva have published a dozen Patch Tuesday advisories to inform customers about vulnerabilities found in their ICS/OT products.

Siemens has released five new advisories. Two of them describe the same critical authorization‑bypass flaw in Industrial Edge Devices that can be leveraged by an unauthenticated, remote attacker to bypass authentication and impersonate a user. One advisory covers Industrial Edge Devices, while the other is for the Industrial Edge Device Kit. The remaining advisories inform customers about the availability of fixes for high‑severity vulnerabilities in Ruggedcom, ET 200SP, and TeleControl Server Basic products.

Schneider Electric has published four new advisories. One of them describes a high‑severity issue that can be leveraged for privilege escalation in EcoStruxure Process products. Another advisory describes one medium‑ and one high‑severity flaw in EcoStruxure Power Build Rapsody, which can be exploited for arbitrary code execution using specially crafted files. The remaining advisories describe vulnerabilities in third‑party components used by Schneider Electric products, specifically Zigbee and Redis.

Phoenix Contact has released an advisory to inform customers about a high‑severity command‑injection issue that can be exploited by an attacker against TC Router and Cloud Client industrial routers. Exploitation requires the attacker to have elevated privileges on the targeted system, or they need to trick the victim into uploading a malicious payload. Germany’s VDE CERT has also published a version of Phoenix Contact’s advisory.

Aveva has published an advisory describing seven types of vulnerabilities in Process Optimization (formerly ROMeo). The security holes, rated high and critical severity, can be exploited for remote code execution, privilege escalation, and to obtain sensitive data.

Honeywell has released security advisories for its Pro‑Watch and Maxpro building‑security and video‑management products. The advisories mostly focus on Windows patches released by Microsoft.

The cybersecurity agency CISA has published ICS advisories for Rockwell Automation vulnerabilities disclosed by the vendor in December 2025, as well as for three flaws found in the YoSmart YoLink Smart Hub.

A few days before Patch Tuesday, ABB published an advisory to inform customers about three flaws that can lead to authentication bypass and DoS in its WebPro SNMP Card PowerValue product.

---

About the author

Eduard Kovacs – Managing editor at SecurityWeek. He worked as a high‑school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

[Twitter] | [LinkedIn]