Siemens, Schneider Electric, and Rockwell Automation released their July 2026 Patch Tuesday advisories, disclosing dozens of vulnerabilities across industrial control system (ICS) products, several rated critical.
Siemens: Maximum-Severity Flaw in Opencenter X
Siemens published nine new advisories, six covering critical vulnerabilities. The most severe, carrying a CVSS score of 10, is a token invalidation flaw in Opencenter X that allows an attacker to bypass authentication and gain full access to the application.
Additional critical vulnerabilities were patched or mitigated in Mendix, Sidis Secured SmartPlug, Simatic S7-1500, Cadra, and Desigo CC. Many of the flaws stem from third-party components and can be exploited for denial-of-service (DoS) attacks, arbitrary code execution, sensitive data exposure, or privilege escalation. Siemens also fixed high-severity issues in Simatic S7-PLCSIM, Ruggedcom APE1808, Comos, Designcenter, Simcenter, Solid Edge, and Tecnomatrix.
Schneider Electric: Authentication Bypass and Code Execution
Schneider Electric issued two advisories. The first addresses a high-severity vulnerability in its IGSS (Interactive Graphical SCADA System) product, where specially crafted files can be used to execute arbitrary code. The second covers a high-severity authentication bypass in EcoStruxure Cybersecurity Admin Expert, which a local attacker could exploit to compromise managed devices.
Rockwell Automation: Critical DoS and Command Injection Risks
Rockwell Automation published 12 advisories, including two critical ones. A critical flaw in the 1715 Redundant IO product allows an unauthenticated attacker to access intrusive CLI commands, enabling file reads or deletion, task termination, IO state changes, and memory modification.
Rockwell also patched three critical DoS vulnerabilities affecting CompactLogix, ControlLogix, Compact GuardLogix, and GuardLogix controllers, which could trigger a major non-recoverable fault. High-severity issues were fixed in Flex 5000 Adapter, FactoryTalk DataMosaix, FactoryTalk Services Platform, Arena, ThinManager, Studio 5000 Logix Designer, 1756-EN, 1734 POINT I/O, and 1719-AENTR products.
Other Vendor Activity
ABB and Mitsubishi Electric did not publish new advisories this cycle but disclosed critical and high-severity flaws over the past month. CISA distributed three ABB advisories and one Rockwell advisory on Tuesday. Germany’s VDE CERT also released five new advisories covering vulnerabilities in Murrelektronik, Mettler Toledo, Codesys, and Wago products.
Asset owners are advised to review vendor advisories and apply patches or mitigations promptly given the range of critical and high-severity findings affecting controllers, SCADA systems, and engineering software.
