September 2025
11.09.2025
US CERT (ICS)
Siemens SIMOTION Tools
Title
Siemens SIMOTION Tools
Published
Sept. 11, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-01
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
11.09.2025
US CERT (ICS)
Daikin Security Gateway
Title
Daikin Security Gateway
Published
Sept. 11, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-10
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Daikin Equipment: Security Gateway Vulnerability: Weak Password Recovery Mechanism for Forgotten Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to the system. 3. TECHNICAL ...
11.09.2025
US CERT (ICS)
Siemens SIMATIC Virtualization as a Service (SIVaaS)
Title
Siemens SIMATIC Virtualization as a Service (SIVaaS)
Published
Sept. 11, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-02
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
11.09.2025
US CERT (ICS)
Schneider Electric Modicon M340, BMXNOE0100, and BMXNOE0110
Title
Schneider Electric Modicon M340, BMXNOE0100, and BMXNOE0110
Published
Sept. 11, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-09
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M340, BMXNOE0100, and BMXNOE0110 Vulnerability: Files or Directories Accessible to External Parties 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to prevent firmware updates and disrupt the webserver's proper ...
11.09.2025
US CERT (ICS)
Siemens Apogee PXC and Talon TC Devices
Title
Siemens Apogee PXC and Talon TC Devices
Published
Sept. 11, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-05
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
11.09.2025
US CERT (ICS)
Siemens SINAMICS Drives
Title
Siemens SINAMICS Drives
Published
Sept. 11, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-03
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
11.09.2025
US CERT (ICS)
Siemens Industrial Edge Management OS (IEM-OS)
Title
Siemens Industrial Edge Management OS (IEM-OS)
Published
Sept. 11, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-06
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
09.09.2025
US CERT (ICS)
Rockwell Automation 1783-NATR
Title
Rockwell Automation 1783-NATR
Published
Sept. 9, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-09
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 1783-NATR Vulnerability: Use of Platform-Dependent Third Party Components 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a memory corruption on the product. 3. TECHNICAL DETAILS 3.1 AFFECTED ...
09.09.2025
US CERT (ICS)
Rockwell Automation Analytics LogixAI
Title
Rockwell Automation Analytics LogixAI
Published
Sept. 9, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-08
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable from an adjacent network/low attack complexity Vendor: Rockwell Automation Equipment: Analytics LogixAI Vulnerability: Exposure of Sensitive System Information to an Unauthorized Control Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access sensitive information. 3. ...
09.09.2025
US CERT (ICS)
ABB Cylon Aspect BMS/BAS
Title
ABB Cylon Aspect BMS/BAS
Published
Sept. 9, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-02
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: ASPECT, NEXUS, MATRIX Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Missing Authentication for Critical Function, Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to assume ...
09.09.2025
US CERT (ICS)
Rockwell Automation Stratix IOS
Title
Rockwell Automation Stratix IOS
Published
Sept. 9, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-03
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Stratix IOS Vulnerability: Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to run malicious configurations without authentication. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Stratix ...
09.09.2025
US CERT (ICS)
Rockwell Automation CompactLogix® 5480
Title
Rockwell Automation CompactLogix® 5480
Published
Sept. 9, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-06
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: CompactLogix® 5480 Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could result in arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of CompactLogix® 5480 ...
09.09.2025
US CERT (ICS)
Rockwell Automation ControlLogix 5580
Title
Rockwell Automation ControlLogix 5580
Published
Sept. 9, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-07
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix 5580 Vulnerability: NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a major nonrecoverable fault on the controller. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version ...
09.09.2025
US CERT (ICS)
Rockwell Automation FactoryTalk Optix
Title
Rockwell Automation FactoryTalk Optix
Published
Sept. 9, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-04
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: FactoryTalk Optix Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker achieving remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of FactoryTalk Optix, ...
09.09.2025
SIEMENS CERT
SSA-563922 V1.0: Local Privilege Escalation Vulnerability in SIMOTION Tools
Title
SSA-563922 V1.0: Local Privilege Escalation Vulnerability in SIMOTION Tools
Published
Sept. 9, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-563922.html
Summary
Several tools for the SIMOTION system are affected by a local privilege escalation vulnerability. This could allow an attacker to execute arbitrary code with SYSTEM privileges when a legitimate user installs an application that uses the affected setup component. This vulnerability poses a risk only during setup and installation phase ...
09.09.2025
SIEMENS CERT
SSA-640476 V1.0: Denial of Service Vulnerability in Industrial Edge Management
Title
SSA-640476 V1.0: Denial of Service Vulnerability in Industrial Edge Management
Published
Sept. 9, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-640476.html
Summary
Industrial Edge Management is affected by a vulnerability that could allow a remote attacker to cause a denial of service condition. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.
09.09.2025
SIEMENS CERT
SSA-534283 V1.0: Insecure File Share Vulnerability in SIMATIC Virtualization as a Service (SIVaaS)
Title
SSA-534283 V1.0: Insecure File Share Vulnerability in SIMATIC Virtualization as a Service (SIVaaS)
Published
Sept. 9, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-534283.html
Summary
SIMATIC Virtualization as a Service (SIVaaS) is affected by a vulnerability which exposes a network share without any authentication. This could allow an attacker to access or alter sensitive data without proper authorization. Siemens recommends to contact technical support to fix the vulnerability.
09.09.2025
SIEMENS CERT
SSA-712929 V3.0 (Last Update: 2025-09-09): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Prod...
Title
SSA-712929 V3.0 (Last Update: 2025-09-09): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products
Published
Sept. 9, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-712929.html
Summary
A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL. Siemens has released new versions for several affected products and recommends to update to the ...
09.09.2025
SIEMENS CERT
SSA-916339 V1.0: Information Disclosure Vulnerability in Apogee PXC and Talon TC Devices
Title
SSA-916339 V1.0: Information Disclosure Vulnerability in Apogee PXC and Talon TC Devices
Published
Sept. 9, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-916339.html
Summary
Apogee PXC and Talon TC contain a vulnerability that could allow an attacker to download the device encrypted database file. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
09.09.2025
SIEMENS CERT
SSA-722410 V1.0: Multiple Vulnerabilities in User Management Component (UMC)
Title
SSA-722410 V1.0: Multiple Vulnerabilities in User Management Component (UMC)
Published
Sept. 9, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-722410.html
Summary
Siemens’ User Management Component (UMC) is affected by multiple vulnerabilities that could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial of service condition. Siemens has released a new version for User Management Component (UMC) and recommends to update to the latest version. Siemens recommends ...
09.09.2025
SIEMENS CERT
SSA-691715 V1.7 (Last Update: 2025-09-09): Vulnerability in OPC Foundation Local Discovery Server Affecting Siemens Products
Title
SSA-691715 V1.7 (Last Update: 2025-09-09): Vulnerability in OPC Foundation Local Discovery Server Affecting Siemens Products
Published
Sept. 9, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-691715.html
Summary
A vulnerability was identified in OPC Foundation Local Discovery Server which also affects Siemens products that could allow an attacker to escalate privileges under certain circumstances. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where ...
09.09.2025
SIEMENS CERT
SSA-366067 V1.6 (Last Update: 2025-09-09): Multiple Vulnerabilities in Fortigate NGFW Before V7.4.1 on RUGGEDCOM APE1808 Devices
Title
SSA-366067 V1.6 (Last Update: 2025-09-09): Multiple Vulnerabilities in Fortigate NGFW Before V7.4.1 on RUGGEDCOM APE1808 Devices
Published
Sept. 9, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-366067.html
Summary
Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or ...
09.09.2025
SIEMENS CERT
SSA-494539 V1.0: Multiple Vulnerabilities in SINEC OS
Title
SSA-494539 V1.0: Multiple Vulnerabilities in SINEC OS
Published
Sept. 9, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-494539.html
Summary
SINEC OS is affected by multiple vulnerabilities due to open UDP ports, which could allow an attacker to access non-sensitive information without authentication or potentially cause temporary denial of service. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
09.09.2025
SIEMENS CERT
SSA-864900 V1.3 (Last Update: 2025-09-09): Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices
Title
SSA-864900 V1.3 (Last Update: 2025-09-09): Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices
Published
Sept. 9, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-864900.html
Summary
Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens Industrial products. Siemens is preparing fix versions and recommends to consult and implement the workarounds provided in Fortinet’s upstream security notifications.
09.09.2025
SIEMENS CERT
SSA-503939 V1.2 (Last Update: 2025-09-09): Vulnerabilities in the BIOS of the SIMATIC S7-1500 TM MFP
Title
SSA-503939 V1.2 (Last Update: 2025-09-09): Vulnerabilities in the BIOS of the SIMATIC S7-1500 TM MFP
Published
Sept. 9, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-503939.html
Summary
Multiple vulnerabilities have been identified in the BIOS of the SIMATIC S7-1500 TM MFP. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.

Last Updates

BOSCH PSIRT
14.08.2025
SIEMENS CERT
09.09.2025
US CERT
25.08.2025
US CERT (ICS)
11.09.2025

By Source

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds