August 2025
14.08.2025
US CERT (ICS)
Siemens Opcenter Quality
Titel
Siemens Opcenter Quality
Veröffentlicht
14. August 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-06
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
14.08.2025
US CERT (ICS)
Rockwell Automation ControlLogix Ethernet Modules
Titel
Rockwell Automation ControlLogix Ethernet Modules
Veröffentlicht
14. August 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-28
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix Ethernet Modules Vulnerability: Initialization of a Resource with an Insecure Default 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote attackers to perform memory dumps, modify memory, and control execution ...
14.08.2025
US CERT (ICS)
Rockwell FactoryTalk Linx
Titel
Rockwell FactoryTalk Linx
Veröffentlicht
14. August 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-24
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Rockwell Equipment: FactoryTalk Linx Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to to create, update, and delete FTLinx drivers. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Rockwell ...
14.08.2025
US CERT (ICS)
Rockwell Automation Micro800
Titel
Rockwell Automation Micro800
Veröffentlicht
14. August 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-25
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Micro800 Vulnerabilities: Dependency on Vulnerable Third-Party Component, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in remote code execution or may lead to privilege escalation. 3. TECHNICAL DETAILS ...
14.08.2025
US CERT (ICS)
Siemens Wibu CodeMeter Runtime
Titel
Siemens Wibu CodeMeter Runtime
Veröffentlicht
14. August 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-05
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
14.08.2025
US CERT (ICS)
Siemens SIMOTION SCOUT, SIMOTION SCOUT TIA, and SINAMICS STARTER
Titel
Siemens SIMOTION SCOUT, SIMOTION SCOUT TIA, and SINAMICS STARTER
Veröffentlicht
14. August 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-18
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
14.08.2025
US CERT (ICS)
Rockwell Automation FactoryTalk Action Manager
Titel
Rockwell Automation FactoryTalk Action Manager
Veröffentlicht
14. August 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-30
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Action Manager Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local unauthenticated attacker to listen to communications and manipulate the device. ...
14.08.2025
US CERT (ICS)
Siemens Third-Party Components in SINEC OS
Titel
Siemens Third-Party Components in SINEC OS
Veröffentlicht
14. August 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
14.08.2025
SIEMENS CERT
SSA-395458 V1.0: Account Hijacking Vulnerability in Mendix SAML Module
Titel
SSA-395458 V1.0: Account Hijacking Vulnerability in Mendix SAML Module
Veröffentlicht
14. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-395458.html
Text
Mendix SAML module contains a vulnerability that could allow unauthenticated remote attackers to hijack an account in specific SSO configurations. Mendix has provided fix releases for the Mendix SAML module and recommends to update to the latest version.
14.08.2025
SIEMENS CERT
SSA-201595 V1.0: Privilege Escalation Vulnerability in WIBU CodeMeter Runtime Affecting the Desigo CC Product Family and SENTRO...
Titel
SSA-201595 V1.0: Privilege Escalation Vulnerability in WIBU CodeMeter Runtime Affecting the Desigo CC Product Family and SENTRON Powermanager
Veröffentlicht
14. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-201595.html
Text
Versions V5.0 through V8 of the Desigo CC product family (Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS), as well as the Desigo CC-based SENTRON Powermanager, are affected by a vulnerability in the underlying third-party component WIBU Systems CodeMeter Runtime. Successful exploitation of this vulnerability could allow privilege ...
14.08.2025
BOSCH PSIRT
Denial of Service on Rexroth Fieldbus Couplers
Titel
Denial of Service on Rexroth Fieldbus Couplers
Veröffentlicht
14. August 2025 02:00
URL
https://psirt.bosch.com/security-advisories/bosch-sa-757244.html
Text

BOSCH-SA-757244: Several fieldbus couplers sold by Bosch Rexroth contain technology from Phoenix Contact. The manufacturer published a security bulletin about a weakness in the web-based administration interface. A successful attack leads to an overload of the device and the hardware watchdog is triggered. Process data behaves according to the configured ...

14.08.2025
BOSCH PSIRT
Vulnerabilities in ctrlX OS - Setup
Titel
Vulnerabilities in ctrlX OS - Setup
Veröffentlicht
14. August 2025 02:00
URL
https://psirt.bosch.com/security-advisories/bosch-sa-129652.html
Text

BOSCH-SA-129652: Vulnerabilities in ctrlX OS - Setup

13.08.2025
SIEMENS CERT
SSA-028723 V1.1 (Last Update: 2025-08-13): Multiple OpenSSL Vulnerabilities in BFCClient Before V2.17
Titel
SSA-028723 V1.1 (Last Update: 2025-08-13): Multiple OpenSSL Vulnerabilities in BFCClient Before V2.17
Veröffentlicht
13. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-028723.html
Text
Siemens BFCClient contains multiple vulnerabilities in the integrated OpenSSL component that could allow an attacker to read memory contents, to change the application behaviour or to create a denial of service condition. Siemens has released a new version for BFCClient and recommends to update to the latest version.
12.08.2025
US CERT (ICS)
Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share
Titel
Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share
Veröffentlicht
12. August 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-224-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Ashlar-Vellum Equipment: Cobalt, Xenon, Argon, Lithium, Cobalt Share Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information and execute arbitrary code. 3. TECHNICAL ...
12.08.2025
US CERT (ICS)
Schneider Electric EcoStruxure Power Monitoring Expert
Titel
Schneider Electric EcoStruxure Power Monitoring Expert
Veröffentlicht
12. August 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-224-03
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Power Monitoring Expert Vulnerabilities: Path Traversal, Deserialization of Untrusted Data, Server-Side Request Forgery 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to read arbitrary files from the ...
12.08.2025
US CERT (ICS)
AVEVA PI Integrator
Titel
AVEVA PI Integrator
Veröffentlicht
12. August 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-224-04
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: PI Integrator Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Insertion of Sensitive Information into Sent Data 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, or ...
12.08.2025
US CERT (ICS)
Johnson Controls iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2
Titel
Johnson Controls iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2
Veröffentlicht
12. August 2025 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-224-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Equipment: iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR, ULTRA G2 SE, iSTAR Edge G2 Vulnerabilities: OS Command Injection, Insufficient Verification of Data Authenticity, Use of Default Credentials, Missing Protection Mechanism for Alternate ...
12.08.2025
SIEMENS CERT
SSA-794185 V1.1 (Last Update: 2025-08-12): RADIUS Protocol Susceptible to Forgery Attacks (CVE-2024-3596) - Impact to SIPROTEC,...
Titel
SSA-794185 V1.1 (Last Update: 2025-08-12): RADIUS Protocol Susceptible to Forgery Attacks (CVE-2024-3596) - Impact to SIPROTEC, SICAM and Related Products
Veröffentlicht
12. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-794185.html
Text
This advisory documents the impact of CVE-2024-3596 (also dubbed “Blastradius”), a vulnerability in the RADIUS protocol, to SIPROTEC, SICAM and related products. The vulnerability could allow on-path attackers, located between a Network Access Server (the RADIUS client, e.g., a SICAM device) and a RADIUS server, to forge Access-Request packets in ...
12.08.2025
SIEMENS CERT
SSA-840800 V1.5 (Last Update: 2025-08-12): Code Injection Vulnerability in RUGGEDCOM ROS
Titel
SSA-840800 V1.5 (Last Update: 2025-08-12): Code Injection Vulnerability in RUGGEDCOM ROS
Veröffentlicht
12. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-840800.html
Text
RUGGEDCOM ROS-based devices are vulnerable to a web-based code injection attack. To execute this attack, it is necessary to access the system via the Command Line Interface (CLI). Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for ...
12.08.2025
SIEMENS CERT
SSA-800126 V1.1 (Last Update: 2025-08-12): Deserialization Vulnerability in Siemens Engineering Platforms before V20
Titel
SSA-800126 V1.1 (Last Update: 2025-08-12): Deserialization Vulnerability in Siemens Engineering Platforms before V20
Veröffentlicht
12. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-800126.html
Text
Affected products do not properly sanitize user-controllable input when parsing files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further ...
12.08.2025
SIEMENS CERT
SSA-787941 V1.5 (Last Update: 2025-08-12): Denial of Service Vulnerability in RUGGEDCOM ROS devices
Titel
SSA-787941 V1.5 (Last Update: 2025-08-12): Denial of Service Vulnerability in RUGGEDCOM ROS devices
Veröffentlicht
12. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-787941.html
Text
RUGGEDCOM ROS-based devices are vulnerable to a denial of service attack (Slowloris). By sending partial HTTP requests nonstop, with none completed, the affected web servers will be waiting for the completion of each request, occupying all available HTTP connections. The web server recovers by itself once the attack ends. Siemens ...
12.08.2025
SIEMENS CERT
SSA-894058 V1.0: Improper Bandwidth Limitation of Network Packets Over Local USB Port Vulnerability in SIPROTEC 5
Titel
SSA-894058 V1.0: Improper Bandwidth Limitation of Network Packets Over Local USB Port Vulnerability in SIPROTEC 5
Veröffentlicht
12. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-894058.html
Text
Affected SIPROTEC 5 devices do not properly limit the bandwidth for incoming network packets over their local USB port. This could allow an attacker with physical access to send specially crafted packets with high bandwidth to the affected devices thus forcing them to exhaust their memory and stop responding to ...
12.08.2025
SIEMENS CERT
SSA-908185 V1.2 (Last Update: 2025-08-12): Mirror Port Isolation Vulnerability in RUGGEDCOM ROS Devices
Titel
SSA-908185 V1.2 (Last Update: 2025-08-12): Mirror Port Isolation Vulnerability in RUGGEDCOM ROS Devices
Veröffentlicht
12. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-908185.html
Text
A vulnerability was identified in RUGGEDCOM ROS devices with mirror port enabled, that could allow an attacker to inject information into the network via the mirror port. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products ...
12.08.2025
SIEMENS CERT
SSA-864900 V1.2 (Last Update: 2025-08-12): Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices
Titel
SSA-864900 V1.2 (Last Update: 2025-08-12): Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices
Veröffentlicht
12. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-864900.html
Text
Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens Industrial products. Siemens is preparing fix versions and recommends to consult and implement the workarounds provided in Fortinet’s upstream security notifications.
12.08.2025
SIEMENS CERT
SSA-994087 V1.0: Multiple SQLite Vulnerabilities in RUGGEDCOM CROSSBOW Station Access Controller Before V5.7
Titel
SSA-994087 V1.0: Multiple SQLite Vulnerabilities in RUGGEDCOM CROSSBOW Station Access Controller Before V5.7
Veröffentlicht
12. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-994087.html
Text
RUGGEDCOM CROSSBOW Station Access Controller (SAC) contains multiple vulnerabilities in the integrated SQLite component that could allow an attacker to execute arbitrary code or to create a denial of service condition. Siemens has released a new version for RUGGEDCOM CROSSBOW Station Access Controller (SAC) and recommends to update to the ...

Letzte Updates

BOSCH PSIRT
14.08.2025
SIEMENS CERT
26.08.2025
US CERT
25.08.2025
US CERT (ICS)
04.09.2025

Nach Quelle

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds