【Vulnerability Alert】In January of Year 115, major industrial control system (ICS) vendors such as Siemens, Schneider Electric, and AVEVA successively released multiple security patch advisories for their ICS products.
Source: Ministry of Education Information & Communication Security Contingency Platform
| Publication Number | TACERT-ANA-2026012701013030 | Publication Time | 2026/01/27 13:29 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2026/01/27 13:29 |
| Impact Level | Low | ||
| [Subject] 【Vulnerability Alert】In January of Year 115, major industrial control system (ICS) vendors such as Siemens, Schneider Electric, and AVEVA successively released multiple security patch advisories for their ICS products. |
|||
| [Content] Forwarded from the National Institute of Cyber Security, NISAC-200-202601-00000294. In January of Year 115, major industrial control system (ICS) vendors such as Siemens, Schneider Electric, and AVEVA successively released multiple security patch advisories for their ICS products. (Information Sharing Level: WHITE (information content can be publicly disclosed)) |
|||
|
[Affected Platform]
CVE-2025-40942: Siemens TeleControl Server Basic (CISA)
CVE-2025-40944: Siemens SIMATIC and SIPLUS products (CISA)
CVE-2025-40935: Siemens RUGGEDCOM ROS (CISA)
CVE-2025-40830, CVE-2025-40831: Siemens SINEC Security Monitor (CISA)
CVE-2025-40891, CVE-2025-40892, CVE-2025-40893, CVE-2025-40898: Siemens RUGGEDCOM APE1808 Devices (CISA)
CVE-2025-40805: Siemens Industrial Edge Devices (CISA)
CVE-2025-40805: Siemens Industrial Edge Device Kit
#Schneider Electric
CVE-2025-13844, CVE-2025-13845: Schneider Electric EcoStruxure Power Build Rapsody (CISA)
CVE-2018-12130: Schneider Electric EcoStruxure Foxboro DCS (CISA)
CVE-2022-4046, CVE-2023-28355, CVE-2022-47378, CVE-2022-47379, CVE-2022-47380, CVE-2022-47381, CVE-2022-47382, CVE-2022-47383, CVE-2022-47384, CVE-2022-47386, CVE-2022-47387, CVE-2022-47388, CVE-2022-47389, CVE-2022-47390, CVE-2022-47385, CVE-2022-47392, CVE-2022-47393, CVE-2022-47391, CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549, CVE-2023-37550, CVE-2023-37551, CVE-2023-37552, CVE-2023-37553, CVE-2023-37554, CVE-2023-37555, CVE-2023-37556, CVE-2023-37557, CVE-2023-37558, CVE-2023-37559, CVE-2023-3662, CVE-2023-3663, CVE-2023-3669, CVE-2023-3670: Schneider Electric devices using CODESYS Runtime (CISA)
CVE-2025-13905: Schneider Electric EcoStruxure Process Expert
#Aveva
CVE-2025-61937, CVE-2025-64691, CVE-2025-61943, CVE-2025-65118, CVE-2025-64729, CVE-2025-65117, CVE-2025-64769: AVEVA Process Optimization |
|||
| [Recommended Actions] If you confirm that you operate the affected equipment, it is recommended to follow the detailed guidance provided in the vendor advisories and complete the appropriate patching or protective measures without impacting device operations, in order to prevent attackers from exploiting known vulnerabilities to gain access to the system. |
|||
|
[Reference]
2. https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-04
3. https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-05
4. https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-06
5. https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-07
6. https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-08
7. https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-09
8. https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-10
9. https://www.cisa.gov/news-events/ics-advisories/icsa-26-020-01
10. https://www.cisa.gov/news-events/ics-advisories/icsa-26-020-02
11. https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-01
12. https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01 |
|||
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of Education Information & Communication Security Contingency Platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw





