Review – 2 Advisories and 1 Update Published – 10-28-25

Today CISA’s NCCIC-ICS published one control system and one medical device security advisory for products from Schneider and Vertikal Systems. They also updated an advisory for products from Schneider.

Advisories

Schneider Advisory - This advisory describes an allocation of resources without limit or throttling vulnerability in the Schneider EcoStruxure OPC UA Server Expert and EcoStruxure Modicon Communication Server.

NOTE: I briefly discussed this vulnerability on October 19^th, 2025.

Vertikal Advisory - This advisory describes two vulnerabilities in the Vertikal Hospital Manager Backend Services.

Updates

Schneider Update - This update provides additional information on the Modicon advisory that was originally published on December 17^th, 2024, and most recently updated on March 18^th, 2025.

NOTE: I briefly mentioned the Schneider update on October 19^th, 2025.

 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/2-advisories-and-1-update-published-bb7 - subscription required.