For Part 2 we have control system security advisories for products from Siemens (5) and Rockwell (9). We also have an advisory update for products from Güralp.
There were two additional Siemens advisories (and 25 Siemens updates) published this week that were not covered by NCCIC-ICS. I will address these this weekend in my Public ICS Disclosures blog post.
Advisories
Opcenter Advisory - This advisory describes seven vulnerabilities in the Siemens Opcenter Quality products.
Wibu Advisory - This advisory discusses a least privilege violation in the Siemens SIMATIC products.
Simcenter Advisory - This advisory describes two vulnerabilities in the Siemens Simcenter Femap product.
Engineering Platforms Advisory - This advisory describes a deserialization of untrusted data vulnerability in the Siemens Engineering Platforms.
COMOS Advisory - This advisory discusses an out-of-bounds write vulnerability in the Siemens COMOS product.
1756-ENXX Advisory - This advisory describes two vulnerabilities in the Rockwell 1756-ENXX products.
FactoryTalk Advisory #1 - This advisory describes an exposure of sensitive information to an unauthorized actor vulnerability in the Rockwell FactoryTalk Action Manager product.
Note: The CVE number provided in this advisory is incorrect; it should be CVE-2025-9036.
FactoryTalk Advisory #2 - This advisory describes an improper access control vulnerability in the Rockwell FactoryTalk Linx product.
FactoryTalk Advisory #3 - This advisory describes an execution with unnecessary privileges vulnerability in the Rockwell FactoryTalk Viewpoint product.
Studio 5000 Advisory - This advisory describes an improper input validation vulnerability in the Rockwell Studio 5000 Logix Designer product.
ControlLogix Advisory - This advisory describes an insecure default initialization of a resource vulnerability in the Rockwell ControlLogix Ethernet Modules.
ArmorBlock Advisory - This advisory
describes two vulnerabilities in the Rockwell ArmorBlock 5000 I/O product.
FLEX 5000 Advisory - This advisory describes two improper input validation vulnerabilities in the Rockwell FLEX 5000 I/O products.
Note: The CVE numbers provided in this advisory are incorrect; they should be CVE-2025-9041 and CVE-2025-9042.
Micro800 Advisory - This advisory discusses four vulnerabilities in the Rockwell Micro800 series PLCs.
Updates
Güralp Update - This update provides additional information on the FMUS Series advisory that was originally published on July 31st, 2025.