Introduction to December’s ICS Vulnerability Fixes
In December, major industrial automation companies, including Siemens, Rockwell Automation, Schneider Electric, and Phoenix Contact, released essential security patches addressing multiple high-risk vulnerabilities in their Industrial Control Systems (ICS) and Operational Technology (OT) devices. These vulnerabilities, if left unpatched, could lead to severe cybersecurity risks, ranging from remote code execution to unauthorized access and potential service disruptions. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also issued several related advisories, urging critical infrastructure operators to apply updates and enhance system protections.
Siemens Patches Major Vulnerabilities in ICS and OT Products
Siemens was one of the key players to issue security updates this December, releasing 14 security advisories for its ICS products. Among these, three were rated as critical, affecting products like Comos, Sicam T, and Ruggedcom ROX.
Comos Vulnerabilities and Their Impact
Siemens flagged multiple vulnerabilities in its Comos engineering and asset management platform, with a CVSS v3.1 score of 10.0. These vulnerabilities could allow attackers to execute arbitrary code, cause denial of service, or even breach data and access controls. Siemens advised users to update to the latest version of Comos to mitigate these threats.
Sicam T Security Flaws
The Sicam T platform, particularly versions prior to 3.0, also suffered from severe vulnerabilities, including Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF). These vulnerabilities could lead to remote code execution, unauthorized access, or session hijacking. Siemens recommended immediate updates to address these issues, which were rated at CVSS 9.9 and 9.3, respectively.
Rockwell Automation Addresses Critical ICS Vulnerabilities
Rockwell Automation, a leader in industrial control systems, released two significant advisories. Both describe flaws categorized as high-risk.
GuardLink EtherNet/IP Interface Flaw
The GuardLink EtherNet/IP interface in Rockwell's 432ES-IG3 Series A was found vulnerable to a denial-of-service (DoS) attack (CVE-2025-9368), with a CVSS score of 8.7. This vulnerability could cause systems to crash or halt communication, disrupting factory automation processes.
SQL Injection in FactoryTalk DataMosaix
Additionally, Rockwell addressed a high-risk SQL injection vulnerability (CVE-2025-12807) in its FactoryTalk DataMosaix private cloud. This flaw could allow attackers with limited privileges to exploit the system and execute unauthorized database operations, compromising sensitive data. The company urged its users to deploy the recommended patches promptly.
Schneider Electric’s Security Fixes for EcoStruxure and Foxboro DCS
Schneider Electric focused on securing its EcoStruxure platform and Foxboro DCS, addressing significant vulnerabilities related to Microsoft’s Windows Server Update Services (WSUS) and ZombieLoad.
Exploitable WSUS Vulnerability
Schneider reported that a WSUS vulnerability (CVE-2025-59287) was being actively exploited, putting devices using EcoStruxure Foxboro DCS at risk of remote code execution attacks. Attackers could gain system-level access, which could lead to further exploitation and operational disruptions.
ZombieLoad Attack Risk
Schneider also warned that Foxboro DCS devices remain vulnerable to the ZombieLoad side-channel attack. While this vulnerability is not new, the company emphasized that users should apply system updates and implement network segmentation and access control measures to mitigate potential impacts on production systems.
Phoenix Contact Issues Fixes for FL SWITCH 2xxx Series
Phoenix Contact addressed vulnerabilities in its FL SWITCH 2xxx series of industrial Ethernet switches, releasing a set of security patches. The flaws included issues such as Cross-Site Scripting (XSS), denial-of-service (DoS), authentication bypass, and information leakage. The German Computer Emergency Response Team (CERT@VDE) confirmed these vulnerabilities and published guidelines for users to secure their systems against these risks.
CISA’s Additional Security Alerts for ICS Devices
The U.S. CISA also issued advisories on December 9th, highlighting vulnerabilities in several ICS devices, including U-Boot Bootloader, Festo LX Appliance, and industrial CCTV cameras.
U-Boot Bootloader Vulnerability
The U-Boot Bootloader was found to have a critical access control vulnerability (CVE-2025-24857) with a CVSS score of 8.6. This flaw could allow attackers to execute arbitrary code, undermining the integrity of the affected system. CISA advised limiting network exposure and enforcing stricter access controls.
CCTV Camera Security Risks
CISA’s advisory also noted that various industrial CCTV cameras, including D-Link’s DCS-F5614-L1 model, were affected by an authentication bypass issue (CVE-2025-13607). With a CVSS score of 9.4, this vulnerability allows attackers to access camera settings and credentials without proper authentication, posing a significant threat to surveillance and monitoring systems.
The Importance of Timely Security Patches for ICS and OT Systems
In an increasingly interconnected world, industrial control systems (ICS) and operational technology (OT) are prime targets for cyberattacks. The vulnerabilities disclosed by Siemens, Rockwell Automation, Schneider Electric, and Phoenix Contact underscore the critical importance of regular security updates to protect manufacturing processes, critical infrastructure, and factory automation systems from cyber threats.
Failure to address these risks can lead to severe consequences, including unauthorized access, service disruptions, data breaches, and even sabotage. Therefore, organizations must take proactive measures by applying patches promptly, enhancing network security, and implementing layered defense strategies such as network segmentation, access controls, and monitoring systems.
Conclusion and Expert Opinion
The rapid advancements in industrial automation and control systems make them an attractive target for malicious actors. As the threat landscape evolves, so must the strategies to safeguard ICS and OT environments. The patches released by these leading industrial automation companies are vital to securing critical infrastructure and ensuring operational continuity.
In my opinion, as industrial environments become more connected through IoT and cloud integration, the risk of cyberattacks will continue to rise. Companies must prioritize cybersecurity as part of their operational planning, ensuring that both legacy and modern systems receive consistent and timely security updates. Additionally, investing in cybersecurity training and awareness for employees can further mitigate risks associated with human error.