September 2025
11.09.2025
US CERT (ICS)
Siemens SIMOTION Tools
Titel
Siemens SIMOTION Tools
Veröffentlicht
11. September 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-01
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
11.09.2025
US CERT (ICS)
Daikin Security Gateway
Titel
Daikin Security Gateway
Veröffentlicht
11. September 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-10
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Daikin Equipment: Security Gateway Vulnerability: Weak Password Recovery Mechanism for Forgotten Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to the system. 3. TECHNICAL ...
11.09.2025
US CERT (ICS)
Siemens SIMATIC Virtualization as a Service (SIVaaS)
Titel
Siemens SIMATIC Virtualization as a Service (SIVaaS)
Veröffentlicht
11. September 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-02
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
11.09.2025
US CERT (ICS)
Schneider Electric Modicon M340, BMXNOE0100, and BMXNOE0110
Titel
Schneider Electric Modicon M340, BMXNOE0100, and BMXNOE0110
Veröffentlicht
11. September 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-09
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M340, BMXNOE0100, and BMXNOE0110 Vulnerability: Files or Directories Accessible to External Parties 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to prevent firmware updates and disrupt the webserver's proper ...
11.09.2025
US CERT (ICS)
Siemens Apogee PXC and Talon TC Devices
Titel
Siemens Apogee PXC and Talon TC Devices
Veröffentlicht
11. September 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-05
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
11.09.2025
US CERT (ICS)
Siemens SINAMICS Drives
Titel
Siemens SINAMICS Drives
Veröffentlicht
11. September 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-03
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
11.09.2025
US CERT (ICS)
Siemens Industrial Edge Management OS (IEM-OS)
Titel
Siemens Industrial Edge Management OS (IEM-OS)
Veröffentlicht
11. September 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-06
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
09.09.2025
US CERT (ICS)
Rockwell Automation 1783-NATR
Titel
Rockwell Automation 1783-NATR
Veröffentlicht
9. September 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-09
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 1783-NATR Vulnerability: Use of Platform-Dependent Third Party Components 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a memory corruption on the product. 3. TECHNICAL DETAILS 3.1 AFFECTED ...
09.09.2025
US CERT (ICS)
Rockwell Automation Analytics LogixAI
Titel
Rockwell Automation Analytics LogixAI
Veröffentlicht
9. September 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-08
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable from an adjacent network/low attack complexity Vendor: Rockwell Automation Equipment: Analytics LogixAI Vulnerability: Exposure of Sensitive System Information to an Unauthorized Control Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access sensitive information. 3. ...
09.09.2025
US CERT (ICS)
ABB Cylon Aspect BMS/BAS
Titel
ABB Cylon Aspect BMS/BAS
Veröffentlicht
9. September 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: ASPECT, NEXUS, MATRIX Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Missing Authentication for Critical Function, Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to assume ...
09.09.2025
US CERT (ICS)
Rockwell Automation Stratix IOS
Titel
Rockwell Automation Stratix IOS
Veröffentlicht
9. September 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-03
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Stratix IOS Vulnerability: Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to run malicious configurations without authentication. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Stratix ...
09.09.2025
US CERT (ICS)
Rockwell Automation CompactLogix® 5480
Titel
Rockwell Automation CompactLogix® 5480
Veröffentlicht
9. September 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-06
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: CompactLogix® 5480 Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could result in arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of CompactLogix® 5480 ...
09.09.2025
US CERT (ICS)
Rockwell Automation ControlLogix 5580
Titel
Rockwell Automation ControlLogix 5580
Veröffentlicht
9. September 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-07
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix 5580 Vulnerability: NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a major nonrecoverable fault on the controller. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version ...
09.09.2025
US CERT (ICS)
Rockwell Automation FactoryTalk Optix
Titel
Rockwell Automation FactoryTalk Optix
Veröffentlicht
9. September 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-04
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: FactoryTalk Optix Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker achieving remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of FactoryTalk Optix, ...
09.09.2025
SIEMENS CERT
SSA-563922 V1.0: Local Privilege Escalation Vulnerability in SIMOTION Tools
Titel
SSA-563922 V1.0: Local Privilege Escalation Vulnerability in SIMOTION Tools
Veröffentlicht
9. September 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-563922.html
Text
Several tools for the SIMOTION system are affected by a local privilege escalation vulnerability. This could allow an attacker to execute arbitrary code with SYSTEM privileges when a legitimate user installs an application that uses the affected setup component. This vulnerability poses a risk only during setup and installation phase ...
09.09.2025
SIEMENS CERT
SSA-640476 V1.0: Denial of Service Vulnerability in Industrial Edge Management
Titel
SSA-640476 V1.0: Denial of Service Vulnerability in Industrial Edge Management
Veröffentlicht
9. September 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-640476.html
Text
Industrial Edge Management is affected by a vulnerability that could allow a remote attacker to cause a denial of service condition. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.
09.09.2025
SIEMENS CERT
SSA-534283 V1.0: Insecure File Share Vulnerability in SIMATIC Virtualization as a Service (SIVaaS)
Titel
SSA-534283 V1.0: Insecure File Share Vulnerability in SIMATIC Virtualization as a Service (SIVaaS)
Veröffentlicht
9. September 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-534283.html
Text
SIMATIC Virtualization as a Service (SIVaaS) is affected by a vulnerability which exposes a network share without any authentication. This could allow an attacker to access or alter sensitive data without proper authorization. Siemens recommends to contact technical support to fix the vulnerability.
09.09.2025
SIEMENS CERT
SSA-712929 V3.0 (Last Update: 2025-09-09): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Prod...
Titel
SSA-712929 V3.0 (Last Update: 2025-09-09): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products
Veröffentlicht
9. September 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-712929.html
Text
A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL. Siemens has released new versions for several affected products and recommends to update to the ...
09.09.2025
SIEMENS CERT
SSA-916339 V1.0: Information Disclosure Vulnerability in Apogee PXC and Talon TC Devices
Titel
SSA-916339 V1.0: Information Disclosure Vulnerability in Apogee PXC and Talon TC Devices
Veröffentlicht
9. September 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-916339.html
Text
Apogee PXC and Talon TC contain a vulnerability that could allow an attacker to download the device encrypted database file. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
09.09.2025
SIEMENS CERT
SSA-722410 V1.0: Multiple Vulnerabilities in User Management Component (UMC)
Titel
SSA-722410 V1.0: Multiple Vulnerabilities in User Management Component (UMC)
Veröffentlicht
9. September 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-722410.html
Text
Siemens’ User Management Component (UMC) is affected by multiple vulnerabilities that could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial of service condition. Siemens has released a new version for User Management Component (UMC) and recommends to update to the latest version. Siemens recommends ...
09.09.2025
SIEMENS CERT
SSA-691715 V1.7 (Last Update: 2025-09-09): Vulnerability in OPC Foundation Local Discovery Server Affecting Siemens Products
Titel
SSA-691715 V1.7 (Last Update: 2025-09-09): Vulnerability in OPC Foundation Local Discovery Server Affecting Siemens Products
Veröffentlicht
9. September 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-691715.html
Text
A vulnerability was identified in OPC Foundation Local Discovery Server which also affects Siemens products that could allow an attacker to escalate privileges under certain circumstances. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where ...
09.09.2025
SIEMENS CERT
SSA-366067 V1.6 (Last Update: 2025-09-09): Multiple Vulnerabilities in Fortigate NGFW Before V7.4.1 on RUGGEDCOM APE1808 Devices
Titel
SSA-366067 V1.6 (Last Update: 2025-09-09): Multiple Vulnerabilities in Fortigate NGFW Before V7.4.1 on RUGGEDCOM APE1808 Devices
Veröffentlicht
9. September 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-366067.html
Text
Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or ...
09.09.2025
SIEMENS CERT
SSA-494539 V1.0: Multiple Vulnerabilities in SINEC OS
Titel
SSA-494539 V1.0: Multiple Vulnerabilities in SINEC OS
Veröffentlicht
9. September 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-494539.html
Text
SINEC OS is affected by multiple vulnerabilities due to open UDP ports, which could allow an attacker to access non-sensitive information without authentication or potentially cause temporary denial of service. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
09.09.2025
SIEMENS CERT
SSA-864900 V1.3 (Last Update: 2025-09-09): Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices
Titel
SSA-864900 V1.3 (Last Update: 2025-09-09): Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices
Veröffentlicht
9. September 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-864900.html
Text
Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens Industrial products. Siemens is preparing fix versions and recommends to consult and implement the workarounds provided in Fortinet’s upstream security notifications.
09.09.2025
SIEMENS CERT
SSA-503939 V1.2 (Last Update: 2025-09-09): Vulnerabilities in the BIOS of the SIMATIC S7-1500 TM MFP
Titel
SSA-503939 V1.2 (Last Update: 2025-09-09): Vulnerabilities in the BIOS of the SIMATIC S7-1500 TM MFP
Veröffentlicht
9. September 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-503939.html
Text
Multiple vulnerabilities have been identified in the BIOS of the SIMATIC S7-1500 TM MFP. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.

Letzte Updates

BOSCH PSIRT
14.08.2025
SIEMENS CERT
09.09.2025
US CERT
25.08.2025
US CERT (ICS)
11.09.2025

Nach Quelle

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds