CISA Advisory: Critical Bugs in Siemens and Schneider Electric Industrial Gear (2025-04-24)

CISA has released new advisories warning of critical vulnerabilities in widely deployed Siemens and Schneider Electric industrial control systems. The flaws, disclosed on April 22, 2025, could enable attackers to disrupt operations or steal sensitive credentials in energy and other critical sectors.¹

Siemens TeleControl Server Basic Vulnerability

A newly disclosed vulnerability (CVE-2025-29931) affects Siemens TeleControl Server Basic prior to version V3.1.2.2. The flaw stems from improper handling of length parameter inconsistencies (CWE-130), which allows unauthenticated remote attackers to exhaust system memory and trigger a denial-of-service condition.

Exploitation is only possible in redundant server setups with disrupted connections. Siemens rates this as a medium-severity issue (CVSS v4 score: 6.3), but affected systems are used in energy, water, and transportation infrastructure worldwide.

Mitigation steps include updating to version V3.1.2.2 or later, disabling redundancy if not used, and following Siemens and CISA network security best practices. No public exploitation has been reported as of publication.²

Schneider Electric Wiser Home Controller Vulnerability

A separate vulnerability (CVE-2024-6407) affects all versions of the Schneider Electric Wiser Home Controller WHC-5918A. This critical bug (CWE-200) could allow remote attackers to extract sensitive credentials by sending a specially crafted message.

The vulnerability is remotely exploitable with low attack complexity and has a CVSS v4 score of 9.3, making it a high-priority risk for affected organizations in the energy sector.

Schneider Electric recommends following their official mitigation guidance and isolating affected devices from untrusted networks. Organizations should also apply CISA’s recommended network segmentation and access control strategies.³

Defensive Recommendations

CISA urges all organizations operating industrial control systems to:

• Update affected Siemens and Schneider Electric products to the latest versions
• Minimize network exposure for control system devices
• Place control systems behind firewalls, isolating them from business networks
• Use secure remote access methods (e.g., VPNs) and keep all software up to date
• Conduct impact analysis and risk assessments before deploying new security measures

Additional technical guidance and best practices are available from both vendors and CISA.¹

Final Thoughts

These advisories highlight the ongoing risk posed by vulnerabilities in industrial control systems. Prompt patching, network isolation, and adherence to security best practices remain essential for safeguarding critical infrastructure.

Related Articles

• CISA Issues Guidance After Oracle Cloud Credentials Leak: What Organizations Must Do
• Critical CrushFTP Authentication Bypass Vulnerability CVE-2025-31161: What You Need to Know
• Critical Microsoft Zero-Day Vulnerability CVE-2025-29824: What You Need to Know