
Siemens and Schneider Electric Lead April 14, 2026 ICS Patch Tuesday Advisories

Industrial cybersecurity teams had plenty to review on April 14, 2026, as Siemens and Schneider Electric published a broad set of security advisories affecting network infrastructure, engineering software, industrial management platforms, protection relays, PLCs, and communication modules.

For asset owners and defenders in operational technology environments, this Patch Tuesday stands out for one simple reason: the affected products are not limited to one narrow corner of the plant. These advisories touch the kinds of systems that often sit close to production, network visibility, remote administration, and process control.

That means this is not just a maintenance event. It is a risk review event.

Why this Patch Tuesday matters

In industrial environments, patching is never as simple as clicking "update now." Many affected systems support production uptime, plant communications, engineering workflows, or electrical protection. That makes every advisory a balancing act between reducing cyber risk and protecting operations.

The April 14 advisory set from Siemens and Schneider Electric reflects the real complexity of OT security today. Instead of one single issue, organizations are looking at a mix of:

  • privilege escalation
  • authentication bypass
  • authorization bypass
  • denial of service
  • memory corruption
  • hard-coded credentials
  • information exposure
  • web application weaknesses
  • communication integrity failures
  • third-party component issues

For defenders, that means the real task is not just to read the advisories. It is to understand which systems are exposed, which ones are critical, and which ones create the biggest operational risk if compromised.

Siemens advisories published on April 14, 2026

Siemens released a large group of advisories covering a wide range of industrial and enterprise-adjacent OT products. Several stand out because of their severity and because they affect systems commonly used for network management, wireless communications, industrial access control, and edge administration.

1. SCALANCE wireless and web-related issues are among the most urgent

One of the most serious Siemens advisories is:

SSA-019200 — CVSS 9.1: Multiple Vulnerabilities in SCALANCE W-700 IEEE 802.11n Devices Before V6.6.0

This is significant because SCALANCE products are part of industrial networking infrastructure. When vulnerabilities affect wireless industrial devices, the concern is not only device compromise, but also the possibility of disruption, loss of segmentation, or a stepping stone into broader OT networks.

Another high-priority item is:

SSA-710008 — CVSS 9.1: Multiple Web Vulnerabilities in SCALANCE Products

Web interface vulnerabilities are especially important in ICS environments because administrative interfaces often sit on trusted segments. If poorly protected or reachable by the wrong users, those interfaces can become a direct path to unauthorized changes or deeper access.

2. SINEC NMS appears repeatedly and deserves close attention

Siemens also published multiple advisories involving SINEC NMS, its network management platform:

SSA-311973 — CVSS 7.8: Multiple Local Privilege Escalation Vulnerabilities in SINEC NMS and User Management Component (UMC)

SSA-801704 — CVSS 7.3: Authentication Bypass Vulnerability in SINEC NMS

SSA-605717 — CVSS 8.8: Authorization Bypass Vulnerability in SINEC NMS Before V4.0 SP3

When a network management platform has multiple weaknesses across authentication, authorization, and privilege boundaries, that becomes a serious concern. These platforms often have high visibility and broad administrative reach, which means a compromise can create outsized impact compared to a flaw in a more isolated endpoint.

3. RUGGEDCOM issues affect secure access and network control functions

Siemens also flagged important issues in RUGGEDCOM products:

SSA-225816 — CVSS 7.7: Memory Corruption Vulnerability in RUGGEDCOM CROSSBOW Station Access Controller Before V5.8

SSA-741509 — CVSS 8.8: Privilege Escalation Vulnerability in RUGGEDCOM CROSSBOW Secure Access Manager Primary Before V5.8

SSA-552702 — CVSS 8.8: Privilege Escalation Vulnerability in the Web Interface of SCALANCE and RUGGEDCOM Products

SSA-827968 — CVSS 8.9: Vulnerability in Nozomi Guardian/CMC on RUGGEDCOM APE1808 Devices

These advisories matter because RUGGEDCOM products are often associated with ruggedized industrial networking and secure access use cases. Weaknesses in these systems can affect both security management and operational trust within the network.

4. Siemens also published advisories affecting endpoints, engineering tools, and industrial protocols

Other April 14 Siemens advisories include:

SSA-216014 — CVSS 8.2: Vulnerabilities in EFI variable of SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs

SSA-186293 — CVSS 5.5: XML External Entity vulnerability in SIMOTION SCOUT, SIMOTION SCOUT TIA, and SINAMICS STARTER

SSA-726834 — CVSS 7.5: Denial of Service Vulnerability in the RADIUS Client of SIPROTEC 5 Devices

SSA-609469 — CVSS 7.1: Authorization Bypass Vulnerability in Industrial Edge Management

SSA-599968 — CVSS 7.5: Denial of Service Vulnerability in Profinet Devices

SSA-981622 — CVSS 3.7: Improper Certificate Validation Vulnerability in Siemens Analytics Toolkit

There are also multiple advisories related to shared or third-party software components:

SSA-244969 — CVSS 7.4: OpenSSL Vulnerability in Industrial Products

SSA-712929 — CVSS 7.5: Denial of Service Vulnerability in OpenSSL affecting Industrial Products

SSA-408105 — CVSS 7.5: Buffer Overflow Vulnerabilities in OpenSSL 3.0 affecting Siemens Products

SSA-628843 — CVSS 6.6: Out of Bound Read Vulnerability in TPM 2.0

SSA-913875 — CVSS 6.5: Frame Aggregation and Fragmentation Vulnerabilities in 802.11

SSA-726617 — CVSS 2.2: Incorrect Privilege Assignment Vulnerability in Mendix OIDC SSO Module

What Siemens customers should prioritize

For Siemens environments, the first review should focus on:

  • SCALANCE devices and web interfaces
  • SINEC NMS deployments
  • RUGGEDCOM CROSSBOW and RUGGEDCOM APE1808
  • Industrial Edge Management
  • SIPROTEC 5 where RADIUS is used
  • engineering workstations and field programming devices
  • any Siemens assets that depend on OpenSSL, TPM, or exposed wireless functionality

The main reason is simple: these products often sit in management, communications, or trusted administrative roles. That gives them more impact than their asset count alone may suggest.

Schneider Electric advisories published on April 14, 2026

Schneider Electric's April 14 publication set includes both newly disclosed issues and updated advisories for long-standing product families. The affected scope is broad, ranging from shutdown software and managed switches to MiCOM protection devices, Modicon PLCs, and EcoStruxure engineering platforms.

1. PowerChute Serial Shutdown includes multiple distinct weaknesses

SEVD-2026-104-01: Multiple Vulnerabilities on PowerChute Serial Shutdown

Affected product: PowerChute Serial Shutdown Versions 1.4 and prior

Included CVEs: CVE-2026-2399, CVE-2026-2400, CVE-2026-2401, CVE-2026-2402, CVE-2026-2403, CVE-2026-2404, CVE-2026-2405

Associated weaknesses include:

  • CWE-22 Path Traversal
  • CWE-116 Improper Encoding or Escaping of Output
  • CWE-307 Improper Restriction of Excessive Authentication Attempts
  • CWE-400 Uncontrolled Resource Consumption
  • CWE-1284 Improper Validation of Specified Quantity in Input
  • CWE-93 CRLF Injection
  • CWE-532 Insertion of Sensitive Information into Log File

This kind of advisory matters because it is not about a single bug. It points to several trust and input-handling issues in one product. When multiple validation, authentication, and logging problems show up together, defenders should assume the product deserves close review, especially if it is accessible from shared management networks.

2. Easergy MiCOM Px40 includes hard-coded credentials risk

SEVD-2026-104-03: CVE-2026-4832 — CWE-798 Use of Hard-coded Credentials

Affected products include a large range of Easergy MiCOM Px40 Series models, including various P14x, P24x, P34x, P44x, P54x, P64x, P74x, P84x families with specific version cutoffs.

This is the kind of issue OT teams should take very seriously. Hard-coded credentials are dangerous because they weaken trust at the design level. In environments where protection relays or substation-related devices are involved, access control weaknesses can become much more than a theoretical security concern.

3. Managed switches remain a key industrial exposure point

SEVD-2026-104-02: Third-Party vulnerability on Modicon Networking Managed Switches

CVE-2024-3596 — CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel

Affected products include:

  • Connexium Managed Switches: TCSESM*
  • Modicon Managed Switches: MCSESM, MCSESP
  • Modicon Redundancy Switches: MCSESR*

This is a good reminder that industrial switching infrastructure is not "just plumbing." Switches help define trust, communications, traffic flow, and resilience. If there is weakness in message integrity or in a third-party communication component, that can affect reliability and confidence across larger sections of the OT network.

4. Modicon M340 remains heavily represented across multiple advisories

A large share of Schneider's April 14 updates involve Modicon M340 and related communication modules.

Input validation issue

SEVD-2025-224-05 (V2.0) — CVE-2025-6625 — CWE-20 Improper Input Validation

Affected products include Modicon M340, BMXNOR0200H, BMXNGD0100, BMXNOC0401, BMXNOE0100 prior to 3.50, and BMXNOE0110 prior to 6.70.

Web server information exposure issue

SEVD-2025-014-05 (V3.0) — CVE-2024-12142 — CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Affected products include Modicon M340 processors, BMXNOE0100, BMXNOE0110, and BMXNOR0200H.

Authentication and communication integrity weaknesses

SEVD-2024-317-02 (V2.0) — CVE-2024-8933, CVE-2024-8935 — CWE-290 Authentication Bypass by Spoofing, CWE-924 Improper Enforcement of Message Integrity

Affected products: Modicon M340 CPU, Modicon MC80, Modicon Momentum Unity M1E Processor.

External file or directory access issue

SEVD-2024-163-01 (V3.0) — CVE-2024-5056 — CWE-552 Files or Directories Accessible to External Parties

Affected products: Modicon M340, BMXNOE0100, BMXNOE0110.

This concentration of advisories around the M340 family matters because the M340 is not an obscure legacy edge case. It is a recognizable controller platform, and repeated advisory activity involving both processors and communication modules should push asset owners to review architecture, exposure, and patch status carefully.

5. EcoStruxure Control Expert and Process Expert remain part of the exposure picture

Schneider also updated advisories involving engineering software and connected controllers.

Credential and communication weaknesses

SEVD-2024-044-01 (V4.0) — CVE-2023-6408, CVE-2023-6409, CVE-2023-27975 — CWE-924, CWE-798, CWE-522

Affected products include EcoStruxure Control Expert, EcoStruxure Process Expert, Modicon M340, Modicon M580, Modicon M580 Safety, Modicon MC80, and Modicon Momentum Unity M1E Processor.

Capture-replay authentication bypass

SEVD-2023-010-06 (V6.0) — CVE-2022-45789 — CWE-294 Authentication Bypass by Capture-replay

Affected products include EcoStruxure Control Expert, EcoStruxure Process Expert, Modicon M340, Modicon M580, Modicon M580 CPU Safety, Modicon Momentum Unity M1E Processor, and Modicon MC80.

These advisories are important because engineering software is often trusted by design. If authentication or credential protection is weak in that layer, the blast radius can extend beyond one workstation into device programming and operational control paths.

6. Schneider also continues to carry forward long-lived Modicon controller exposure

SEVD-2019-134-11 (V13.0)

Included CVEs span CVE-2018-7842 through CVE-2018-7857, CVE-2019-6806 through CVE-2019-6809, CVE-2019-6828 through CVE-2019-6830.

Associated weakness classes include out-of-bounds read, information exposure, uncaught exception, improper access control, authentication bypass by spoofing, trust boundary violation, and reliance on untrusted inputs in security decisions.

Affected product families include Modicon M340, M580, MC80, Momentum Unity M1E, Premium, Quantum, and PLC Simulator for EcoStruxure Control Expert.

This is a good example of something OT teams often face in practice: Patch Tuesday is not only about brand-new CVEs. It is also about revised advisories, version updates, broader affected-product mapping, and continuing remediation guidance for product families that remain heavily deployed.

What defenders should do with this information

The most useful response to a Patch Tuesday like this is structured prioritization.

For Siemens environments

Start with SCALANCE W-700 and web-managed SCALANCE products, SINEC NMS deployments, RUGGEDCOM CROSSBOW and RUGGEDCOM APE1808, Industrial Edge Management, SIPROTEC 5 where RADIUS is used, and SIMATIC IPCs and field engineering devices.

Focus especially on anything that is reachable from less-trusted networks, used for management or administration, internet-exposed, deployed in central communications roles, or dependent on shared vulnerable components like OpenSSL.
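
One way to turn that guidance into a repeatable triage pass, shown here as an added example that is not part of the original article or any vendor tooling. The advisory IDs and CVSS scores are a subset of the Siemens list above; the asset inventory, the flag names, and the numeric exposure weights are assumptions made for illustration.

```python
# Subset of the Siemens advisories above: id -> (product, CVSS, required flag).
# A required flag models conditions such as "SIPROTEC 5 where RADIUS is used".
ADVISORIES = {
    "SSA-019200": ("SCALANCE W-700", 9.1, None),
    "SSA-311973": ("SINEC NMS", 7.8, None),
    "SSA-801704": ("SINEC NMS", 7.3, None),
    "SSA-605717": ("SINEC NMS", 8.8, None),
    "SSA-726834": ("SIPROTEC 5", 7.5, "uses_radius"),
    "SSA-609469": ("Industrial Edge Management", 7.1, None),
}

# Exposure conditions named in the text; the weights are assumed, tune per site.
WEIGHTS = {
    "internet_exposed": 3.0,
    "reachable_from_less_trusted": 2.0,
    "management_role": 1.5,
    "central_comms_role": 1.5,
}

# Constructed sample inventory (hypothetical asset names).
INVENTORY = [
    {"name": "wlan-ap-yard", "product": "SCALANCE W-700", "flags": set()},
    {"name": "nms-core", "product": "SINEC NMS",
     "flags": {"management_role", "reachable_from_less_trusted"}},
    {"name": "relay-sub1", "product": "SIPROTEC 5", "flags": {"uses_radius"}},
    {"name": "relay-sub2", "product": "SIPROTEC 5", "flags": set()},
    {"name": "iem-dmz", "product": "Industrial Edge Management",
     "flags": {"management_role", "internet_exposed"}},
]

def triage(inventory, advisories=ADVISORIES, weights=WEIGHTS):
    """Return (priority, asset, advisory ids), highest priority first."""
    ranked = []
    for asset in inventory:
        hits = [(aid, cvss) for aid, (product, cvss, needs) in advisories.items()
                if product == asset["product"]
                and (needs is None or needs in asset["flags"])]
        if not hits:
            continue  # no applicable advisory, e.g. a relay without RADIUS
        base = max(cvss for _, cvss in hits)
        exposure = sum(w for flag, w in weights.items() if flag in asset["flags"])
        ranked.append((round(base + exposure, 1), asset["name"],
                       sorted(aid for aid, _ in hits)))
    return sorted(ranked, key=lambda row: (-row[0], row[1]))

if __name__ == "__main__":
    for priority, name, ids in triage(INVENTORY):
        print(f"{priority:5.1f}  {name:14s} {', '.join(ids)}")
```

With this sample data the management platform and the exposed edge manager rank above the device carrying the highest raw CVSS score, because of where they sit in the network.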

For Schneider Electric environments

Start with PowerChute Serial Shutdown, Easergy MiCOM Px40 Series, Connexium and Modicon managed switches, Modicon M340 CPUs and communication modules, EcoStruxure Control Expert, EcoStruxure Process Expert, and M580, M580 Safety, MC80, and Momentum families.

Pay special attention to hard-coded credentials, authentication bypass conditions, information exposure in embedded web servers, communication integrity issues, and controller communication modules that may be easy to overlook in asset inventories.

The real lesson from April 14, 2026

The Siemens and Schneider Electric advisories published on April 14, 2026 show how broad industrial cyber risk has become. These are not isolated software defects in back-office tools. They affect industrial networking, device management, engineering platforms, protection systems, PLCs, and communications infrastructure.

That means organizations should not treat this as a simple patch list. They should treat it as a prompt to review where trust is concentrated, which assets are exposed, how administration is controlled, whether engineering paths are protected, how old devices are segmented, and whether legacy controllers and communication modules are still running with known weaknesses.

In industrial environments, the most dangerous vulnerability is often not the one with the highest score. It is the one sitting quietly on a trusted device that everybody forgot was reachable.


This summary is for educational and awareness purposes and should not replace a direct technical review. Review your vendor security advisories for Patch Tuesday April 2026 to confirm affected product versions, remediation steps, mitigations, and update paths for your specific environment.

Sources:

  • Siemens ProductCERT Security Advisories
  • Schneider Electric Security Notifications