ICS Patch Tuesday: New Security Advisories From Siemens, Schneider, CISA
The May 2026 ICS Patch Tuesday includes new security advisories from Siemens, Schneider Electric, CISA, and CERT@VDE addressing multiple vulnerabilities in industrial control systems (ICS). Siemens released 18 advisories covering critical issues such as device takeover, cross-site scripting, command execution as root, arbitrary file access, and missing authentication. Schneider Electric patched high-severity vulnerabilities including sensitive information exposure and session hijacking. CISA and CERT@VDE also published advisories for various ICS products, including a medium-severity denial-of-service flaw in Codesys Modbus. Several vulnerabilities affect third-party components and some have been exploited in the wild. Patch status is confirmed for these advisories, with vendors providing fixes.
AI Analysis
Technical Summary
This ICS Patch Tuesday update reports multiple security advisories from Siemens, Schneider Electric, CISA, and CERT@VDE addressing vulnerabilities in industrial control system products. Siemens disclosed critical vulnerabilities in products such as Sentron 7KT PAC1261 Data Manager, Simatic S7 PLC web server, Ruggedcom Rox, and others, including issues like device takeover, cross-site scripting, root command execution, and missing authentication. Schneider Electric fixed high-severity flaws in EcoStruxure Panel Server and other products involving information exposure and session hijacking. CISA released advisories for ABB, Subnet Solutions, Fuji Electric, Maxhub, and Johnson Controls products. CERT@VDE reported a medium-severity denial-of-service vulnerability in Codesys Modbus. Some vulnerabilities involve third-party components, and one Siemens product is affected by a PAN-OS vulnerability exploited in the wild. Vendors have published patches for these issues.
Potential Impact
The vulnerabilities include critical issues such as device takeover, remote code execution, cross-site scripting, arbitrary file access, missing authentication, and session hijacking, which could allow attackers to compromise ICS devices and systems. Some flaws affect third-party components, increasing the attack surface. One Siemens product is impacted by a PAN-OS vulnerability that has been exploited in the wild, indicating active threat exploitation. The overall impact could lead to unauthorized control, information disclosure, and denial of service in industrial environments if unpatched.
Mitigation Recommendations
Vendors including Siemens, Schneider Electric, CISA, and CERT@VDE have published security advisories with patches addressing the disclosed vulnerabilities. Users and administrators of affected ICS products should apply the official patches provided by these vendors promptly. Since these are on-premises ICS products, manual patching is required. There is no indication that no action is required or that vulnerabilities are already mitigated without patching. Patch status is confirmed by vendor advisories. Monitoring vendor websites and subscribing to their security notifications is recommended to stay current with updates.
ICS Patch Tuesday: New Security Advisories From Siemens, Schneider, CISA
Description
The May 2026 ICS Patch Tuesday includes new security advisories from Siemens, Schneider Electric, CISA, and CERT@VDE addressing multiple vulnerabilities in industrial control systems (ICS). Siemens released 18 advisories covering critical issues such as device takeover, cross-site scripting, command execution as root, arbitrary file access, and missing authentication. Schneider Electric patched high-severity vulnerabilities including sensitive information exposure and session hijacking. CISA and CERT@VDE also published advisories for various ICS products, including a medium-severity denial-of-service flaw in Codesys Modbus. Several vulnerabilities affect third-party components and some have been exploited in the wild. Patch status is confirmed for these advisories, with vendors providing fixes.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This ICS Patch Tuesday update reports multiple security advisories from Siemens, Schneider Electric, CISA, and CERT@VDE addressing vulnerabilities in industrial control system products. Siemens disclosed critical vulnerabilities in products such as Sentron 7KT PAC1261 Data Manager, Simatic S7 PLC web server, Ruggedcom Rox, and others, including issues like device takeover, cross-site scripting, root command execution, and missing authentication. Schneider Electric fixed high-severity flaws in EcoStruxure Panel Server and other products involving information exposure and session hijacking. CISA released advisories for ABB, Subnet Solutions, Fuji Electric, Maxhub, and Johnson Controls products. CERT@VDE reported a medium-severity denial-of-service vulnerability in Codesys Modbus. Some vulnerabilities involve third-party components, and one Siemens product is affected by a PAN-OS vulnerability exploited in the wild. Vendors have published patches for these issues.
Potential Impact
The vulnerabilities include critical issues such as device takeover, remote code execution, cross-site scripting, arbitrary file access, missing authentication, and session hijacking, which could allow attackers to compromise ICS devices and systems. Some flaws affect third-party components, increasing the attack surface. One Siemens product is impacted by a PAN-OS vulnerability that has been exploited in the wild, indicating active threat exploitation. The overall impact could lead to unauthorized control, information disclosure, and denial of service in industrial environments if unpatched.
Mitigation Recommendations
Vendors including Siemens, Schneider Electric, CISA, and CERT@VDE have published security advisories with patches addressing the disclosed vulnerabilities. Users and administrators of affected ICS products should apply the official patches provided by these vendors promptly. Since these are on-premises ICS products, manual patching is required. There is no indication that no action is required or that vulnerabilities are already mitigated without patching. Patch status is confirmed by vendor advisories. Monitoring vendor websites and subscribing to their security notifications is recommended to stay current with updates.
Technical Details
- Article Source
- {"url":"https://www.securityweek.com/ics-patch-tuesday-new-security-advisories-from-siemens-schneider-cisa/","fetched":true,"fetchedAt":"2026-05-13T06:51:23.740Z","wordCount":973}
Threat ID: 6a041f6bcbff5d86107c4149
Added to database: 5/13/2026, 6:51:23 AM
Last enriched: 5/13/2026, 6:51:31 AM
Last updated: 5/13/2026, 9:47:03 AM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.