Friday, 10 July 2026

Siemens, Schneider Electric and Phoenix Contact fixed critical vulnerabilities

As part of the June Patch Tuesday, industrial equipment manufacturers have released security updates for their products.

Siemens released five security advisories: authentication, information disclosure, privilege escalation, and password leakage issues have been fixed in the Sinec INS system; “Denial of Service” and code execution flaws have been addressed in Siprotec 5; and a sensitive information exposure weakness has been resolved in WinCC Certificate Manager. Separately, the OpenSSL vulnerability CVE-2025-15467, which affects Scalance, Simatic, Sinamics, and Sinec products, has been fixed.

Schneider Electric published three advisories: Denial of service and command execution vulnerabilities in PowerLogic P7, credential exposure issues in EasyLogic T150 and Saitel DP RTU, and information disclosure issue in EcoStruxure IT Data Center Expert have been addressed.  

Phoenix Contact notified customers of a fix for an unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers.

ABB and Mitsubishi Electric have also published a number of security bulletins.

Source: securityweek.com

18 June 2026

-
17