Review – Public ICS Disclosures – Week of 9-6-25 – Part 2

For Part 2 this week we have ten additional vendor disclosures from Philips, Phoenix Contact (2), Schneider (2), WAGO (3), Welotec, and Western Digital. We have bulk updates from Siemens (8). Finally, we have three other vendor updates from ABB.

Advisories

Philips Advisory - Philips published an advisory that discusses the Windows 10 end-of-life notice from Microsoft.

Phoenix Contact Advisory #1 - Phoenix Contact published an advisory that discusses two vulnerabilities in their FL MGUARD product.

Phoenix Contact Advisory #2 - Phoenix Contact published an advisory that discusses a least privilege vulnerability in multiple Phoenix Contact products.

Schneider Advisory #1 - Schneider published an advisory that discusses a cross-site scripting vulnerability in their Altivar Process Drives and Communication Modules.

Schneider Advisory #2 - Schneider published an advisory that describes two vulnerabilities in their Saitel DR & Saitel DP remote terminal units.

WAGO Advisory #1 - CERT-VDE published an advisory that describes a missing authentication for critical function vulnerability in multiple WAGO products.

WAGO Advisory #2 - CERT-VDE published an advisory that describes an incorrect permission assignment for critical resource vulnerability in multiple WAGO products.

WAGO Advisory #3 - CERT-VDE published an advisory that discusses an inclusion of functionality from untrusted control sphere vulnerability in multiple WAGO products.

Welotec Advisory - CERT-VDE published an advisory that describes a path traversal vulnerability in the Welotec SmartEMS Web Application.

Western Digital Advisory - Western Digital published an advisory that describes a root code execution vulnerability in their Acronis True Image for Western Digital (macOS).

Bulk Updates – Siemens

• Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices,

• Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products,

• Vulnerability in OPC Foundation Local Discovery Server Affecting Siemens Products,

• Vulnerabilities in the BIOS of the SIMATIC S7-1500 TM MFP,

• Multiple Vulnerabilities in Fortigate NGFW Before V7.4.1 on RUGGEDCOM APE1808 Devices,

• Privilege Escalation Vulnerability in WIBU CodeMeter Runtime Affecting Siemens Products,

• DLL Hijacking Vulnerability in Siemens Web Installer used by the Online Software Delivery, and

• Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1

Updates

ABB Update #1 - ABB published an update for their RTU500 series advisory that was originally published on March 25, 2025, and most recently update on April 29^th, 2025.

ABB Update #2 - ABB published an update for their RTU500 series advisory that was originally published on April 30^th, 2024.

ABB Update #3 - ABB published an update for their RTU500 series advisory that was originally published on 26 March, 2024, and most recently updated on December 18^th, 2024.

 

For more information on these disclosures, including links to researcher reports, 3^rd party advisories, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-9-735 - subscription required.