ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, Phoenix Contact

Avevahas informed customers about a high-severity DoS vulnerability in PI Data Archive and a medium-severity unauthorized access issue in PI to Connect Agent.Phoenix Contacthas released an advisory to address a 2024 OpenSSL vulnerability. The advisory was also picked up by Germany’sVDE CERT, which also published an advisory for Wago managed switch flaws.CISApublished five new advisories on Patch Tuesday. They describe vulnerabilities in Yokogawa Fast/Tools, Zlan ZLAN5143D, and the Zoll ePCR mobile application, as well as the Aveva issues disclosed on TuesdayIn the days leading up to Patch Tuesday, advisories were published byMitsubishi Electricfor vulnerabilities in Freqship-mini for Windows and Melsec iQ-R, and byMoxafor security holes in industrial computers and switches.Related:Default ICS Credentials Exploited in Destructive Attack on Polish Energy FacilitiesRelated:ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Aveva, Phoenix ContactRelated:ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Rockwell, Schneider

Phoenix Contacthas released an advisory to address a 2024 OpenSSL vulnerability. The advisory was also picked up by Germany’sVDE CERT, which also published an advisory for Wago managed switch flaws.CISApublished five new advisories on Patch Tuesday. They describe vulnerabilities in Yokogawa Fast/Tools, Zlan ZLAN5143D, and the Zoll ePCR mobile application, as well as the Aveva issues disclosed on TuesdayIn the days leading up to Patch Tuesday, advisories were published byMitsubishi Electricfor vulnerabilities in Freqship-mini for Windows and Melsec iQ-R, and byMoxafor security holes in industrial computers and switches.Related:Default ICS Credentials Exploited in Destructive Attack on Polish Energy FacilitiesRelated:ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Aveva, Phoenix ContactRelated:ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Rockwell, Schneider

CISApublished five new advisories on Patch Tuesday. They describe vulnerabilities in Yokogawa Fast/Tools, Zlan ZLAN5143D, and the Zoll ePCR mobile application, as well as the Aveva issues disclosed on TuesdayIn the days leading up to Patch Tuesday, advisories were published byMitsubishi Electricfor vulnerabilities in Freqship-mini for Windows and Melsec iQ-R, and byMoxafor security holes in industrial computers and switches.Related:Default ICS Credentials Exploited in Destructive Attack on Polish Energy FacilitiesRelated:ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Aveva, Phoenix ContactRelated:ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Rockwell, Schneider

In the days leading up to Patch Tuesday, advisories were published byMitsubishi Electricfor vulnerabilities in Freqship-mini for Windows and Melsec iQ-R, and byMoxafor security holes in industrial computers and switches.Related:Default ICS Credentials Exploited in Destructive Attack on Polish Energy FacilitiesRelated:ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Aveva, Phoenix ContactRelated:ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Rockwell, Schneider

Related:Default ICS Credentials Exploited in Destructive Attack on Polish Energy FacilitiesRelated:ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Aveva, Phoenix ContactRelated:ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Rockwell, Schneider

Related:ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Aveva, Phoenix ContactRelated:ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Rockwell, Schneider

Related:ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Rockwell, Schneider

Eduard Kovacs (@EduardKovacs) is the managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Attendees will walk away with guidance for how to build robust identity defenses, unify them under a consistent security model, and ensure business operations move quickly without compromise.

SecurityWeek’s 2026 Ransomware Summit will discuss a roadmap for defending the enterprise, from mitigating root causes to mastering recovery, giving security teams the critical insights needed to navigate and neutralize today’s ransomware extortion threats.

Source: SecurityWeek