September 2025
16.09.2025
US CERT (ICS)
Siemens RUGGEDCOM, SINEC NMS, and SINEMA
Titel
Siemens RUGGEDCOM, SINEC NMS, and SINEMA
Veröffentlicht
16. September 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-259-04
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
16.09.2025
US CERT (ICS)
Siemens SIMATIC NET CP, SINEMA, and SCALANCE
Titel
Siemens SIMATIC NET CP, SINEMA, and SCALANCE
Veröffentlicht
16. September 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-259-03
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
16.09.2025
US CERT (ICS)
Schneider Electric Altivar Products, ATVdPAC Module, ILC992 InterLink Converter
Titel
Schneider Electric Altivar Products, ATVdPAC Module, ILC992 InterLink Converter
Veröffentlicht
16. September 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-259-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Altivar products, ATVdPAC module, ILC992 InterLink Converter Vulnerability: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read or ...
16.09.2025
US CERT (ICS)
Siemens Multiple Industrial Products
Titel
Siemens Multiple Industrial Products
Veröffentlicht
16. September 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-259-06
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
16.09.2025
SIEMENS CERT
SSB-065467 V1.0: Weak Authentication Vulnerability in Trainguard End-of-Train and Head-of-Train
Titel
SSB-065467 V1.0: Weak Authentication Vulnerability in Trainguard End-of-Train and Head-of-Train
Veröffentlicht
16. September 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssb-065467.html
Text
11.09.2025
US CERT (ICS)
Siemens SIMOTION Tools
Titel
Siemens SIMOTION Tools
Veröffentlicht
11. September 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-01
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
11.09.2025
US CERT (ICS)
Siemens SINAMICS Drives
Titel
Siemens SINAMICS Drives
Veröffentlicht
11. September 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-03
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
11.09.2025
US CERT (ICS)
Daikin Security Gateway
Titel
Daikin Security Gateway
Veröffentlicht
11. September 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-10
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Daikin Equipment: Security Gateway Vulnerability: Weak Password Recovery Mechanism for Forgotten Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to the system. 3. TECHNICAL ...
11.09.2025
US CERT (ICS)
Siemens SIMATIC Virtualization as a Service (SIVaaS)
Titel
Siemens SIMATIC Virtualization as a Service (SIVaaS)
Veröffentlicht
11. September 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-02
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
11.09.2025
US CERT (ICS)
Siemens Industrial Edge Management OS (IEM-OS)
Titel
Siemens Industrial Edge Management OS (IEM-OS)
Veröffentlicht
11. September 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-06
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
11.09.2025
US CERT (ICS)
Siemens Apogee PXC and Talon TC Devices
Titel
Siemens Apogee PXC and Talon TC Devices
Veröffentlicht
11. September 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-05
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
11.09.2025
US CERT (ICS)
Schneider Electric Modicon M340, BMXNOE0100, and BMXNOE0110
Titel
Schneider Electric Modicon M340, BMXNOE0100, and BMXNOE0110
Veröffentlicht
11. September 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-09
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M340, BMXNOE0100, and BMXNOE0110 Vulnerability: Files or Directories Accessible to External Parties 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to prevent firmware updates and disrupt the webserver's proper ...
09.09.2025
US CERT (ICS)
Rockwell Automation FactoryTalk Optix
Titel
Rockwell Automation FactoryTalk Optix
Veröffentlicht
9. September 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-04
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: FactoryTalk Optix Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker achieving remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of FactoryTalk Optix, ...
09.09.2025
US CERT (ICS)
Rockwell Automation 1783-NATR
Titel
Rockwell Automation 1783-NATR
Veröffentlicht
9. September 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-09
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 1783-NATR Vulnerability: Use of Platform-Dependent Third Party Components 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a memory corruption on the product. 3. TECHNICAL DETAILS 3.1 AFFECTED ...
09.09.2025
US CERT (ICS)
Rockwell Automation Analytics LogixAI
Titel
Rockwell Automation Analytics LogixAI
Veröffentlicht
9. September 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-08
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable from an adjacent network/low attack complexity Vendor: Rockwell Automation Equipment: Analytics LogixAI Vulnerability: Exposure of Sensitive System Information to an Unauthorized Control Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access sensitive information. 3. ...
09.09.2025
US CERT (ICS)
ABB Cylon Aspect BMS/BAS
Titel
ABB Cylon Aspect BMS/BAS
Veröffentlicht
9. September 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: ASPECT, NEXUS, MATRIX Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Missing Authentication for Critical Function, Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to assume ...
09.09.2025
US CERT (ICS)
Rockwell Automation Stratix IOS
Titel
Rockwell Automation Stratix IOS
Veröffentlicht
9. September 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-03
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Stratix IOS Vulnerability: Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to run malicious configurations without authentication. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Stratix ...
09.09.2025
US CERT (ICS)
Rockwell Automation CompactLogix® 5480
Titel
Rockwell Automation CompactLogix® 5480
Veröffentlicht
9. September 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-06
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: CompactLogix® 5480 Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could result in arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of CompactLogix® 5480 ...
09.09.2025
US CERT (ICS)
Rockwell Automation ControlLogix 5580
Titel
Rockwell Automation ControlLogix 5580
Veröffentlicht
9. September 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-07
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix 5580 Vulnerability: NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a major nonrecoverable fault on the controller. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version ...
09.09.2025
SIEMENS CERT
SSA-563922 V1.0: Local Privilege Escalation Vulnerability in SIMOTION Tools
Titel
SSA-563922 V1.0: Local Privilege Escalation Vulnerability in SIMOTION Tools
Veröffentlicht
9. September 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-563922.html
Text
Several tools for the SIMOTION system are affected by a local privilege escalation vulnerability. This could allow an attacker to execute arbitrary code with SYSTEM privileges when a legitimate user installs an application that uses the affected setup component. This vulnerability poses a risk only during setup and installation phase ...
09.09.2025
SIEMENS CERT
SSA-640476 V1.0: Denial of Service Vulnerability in Industrial Edge Management
Titel
SSA-640476 V1.0: Denial of Service Vulnerability in Industrial Edge Management
Veröffentlicht
9. September 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-640476.html
Text
Industrial Edge Management is affected by a vulnerability that could allow a remote attacker to cause a denial of service condition. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.
09.09.2025
SIEMENS CERT
SSA-534283 V1.0: Insecure File Share Vulnerability in SIMATIC Virtualization as a Service (SIVaaS)
Titel
SSA-534283 V1.0: Insecure File Share Vulnerability in SIMATIC Virtualization as a Service (SIVaaS)
Veröffentlicht
9. September 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-534283.html
Text
SIMATIC Virtualization as a Service (SIVaaS) is affected by a vulnerability which exposes a network share without any authentication. This could allow an attacker to access or alter sensitive data without proper authorization. Siemens recommends to contact technical support to fix the vulnerability.
09.09.2025
SIEMENS CERT
SSA-712929 V3.0 (Last Update: 2025-09-09): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Prod...
Titel
SSA-712929 V3.0 (Last Update: 2025-09-09): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products
Veröffentlicht
9. September 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-712929.html
Text
A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL. Siemens has released new versions for several affected products and recommends to update to the ...
09.09.2025
SIEMENS CERT
SSA-864900 V1.3 (Last Update: 2025-09-09): Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices
Titel
SSA-864900 V1.3 (Last Update: 2025-09-09): Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices
Veröffentlicht
9. September 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-864900.html
Text
Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens Industrial products. Siemens is preparing fix versions and recommends to consult and implement the workarounds provided in Fortinet’s upstream security notifications.
09.09.2025
SIEMENS CERT
SSA-916339 V1.0: Information Disclosure Vulnerability in Apogee PXC and Talon TC Devices
Titel
SSA-916339 V1.0: Information Disclosure Vulnerability in Apogee PXC and Talon TC Devices
Veröffentlicht
9. September 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-916339.html
Text
Apogee PXC and Talon TC contain a vulnerability that could allow an attacker to download the device encrypted database file. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.

Letzte Updates

BOSCH PSIRT
14.08.2025
SIEMENS CERT
16.09.2025
US CERT
25.08.2025
US CERT (ICS)
16.09.2025

Nach Quelle

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds