Review – 4 Advisories and 2 Updates Published – 3-17-26

Today CISA’s NCCIC-ICS published four control system security advisories for products from Siemens, Schneider Electric (2), and CODESYS. They also updated two advisories for products from Schneider and Hitachi Energy.

Advisories

Siemens Advisory This advisory describes four vulnerabilities in the Siemens SICAM SIAPP SDK.

NOTE: I briefly discussed these vulnerabilities on Monday.

Schneider Advisory #1 - This advisory describes a use of hard-coded credentials vulnerability in the Schneider Electric EcoStruxure Data Center Expert.

NOTE: I briefly mentioned this vulnerability on Monday.

Schneider Advisory #2 - This advisory describes an improper check for unusual or exceptional conditions vulnerability in the Schneider SCADAPack and RemoteConnect products.

Updates

Schneider Update - This update provides additional information on the EcoStruxure Power Build Rapsody advisory that was originally published on January 14^th, 2026.

I briefly discussed the Schneider update on March 16^th, 2026.

Hitachi Energy Advisory - This update provides additional information on the Relion 670, 650, SAM600-IO Series advisory that was originally published on June 27^th, 2023.

I briefly mentioned the Hitachi Energy update on February 1^st, 2026.

 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/4-advisories-and-2-updates-published-40c - subscription required.