Juni 2025
Titel
SSA-366067 V1.4 (Last Update: 2025-06-10): Multiple Vulnerabilities in Fortigate NGFW Before V7.4.1 on RUGGEDCOM APE1808 Devices
Veröffentlicht
10. Juni 2025 02:00
Text
Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or ...
Titel
SSA-698820 V1.7 (Last Update: 2025-06-10): Multiple Vulnerabilities in Fortigate NGFW Before V7.4.4 on RUGGEDCOM APE1808 Devices
Veröffentlicht
10. Juni 2025 02:00
Text
Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version of Fortigate NGFW for RUGGEDCOM APE1808 and recommends to update to the latest version. Siemens recommends to consult and implement the workarounds provided in Fortinet’s upstream security notifications.
Titel
SSA-858251 V1.1 (Last Update: 2025-06-10): Authentication Bypass Vulnerabilities in OPC UA
Veröffentlicht
10. Juni 2025 02:00
Text
The products listed below contain two authentication bypass vulnerabilities that could allow an attacker to gain access to the data managed by the server. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures ...
Titel
SSA-693776 V1.0: Multiple Vulnerabilities in Industrial Communication Devices based on SINEC OS before V3.2
Veröffentlicht
10. Juni 2025 02:00
Text
Several Industrial Communication Devices based on SINEC OS before V3.2 contain multiple vulnerabilities that could allow an attacker to circumvent authorization checks and perform actions that exceed the permissions of the “guest” role. Siemens has released new versions for the affected products and recommends to update to the latest versions.
Titel
SSA-216014 V1.1 (Last Update: 2025-06-10): Vulnerabilities in EFI variable of SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs
Veröffentlicht
10. Juni 2025 02:00
Text
Multiple vulnerabilities has been identified in Siemens SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs that can allow an authenticated attacker to alter the secure boot and password configurations. Siemens has released new versions of BIOS for several affected products and recommends to update to the latest versions. Siemens ...
Titel
SSA-054046 V1.6 (Last Update: 2025-06-10): Unauthenticated Information Disclosure in Web Server of SIMATIC S7-1500 CPUs
Veröffentlicht
10. Juni 2025 02:00
Text
Several SIMATIC S7-1500 CPU versions are affected by an authentication bypass vulnerability that could allow an unauthenticated remote attacker to gain knowledge about actual and configured maximum cycle times and communication load of the CPU. Siemens has released new versions for several affected products and recommends to update to the ...
Titel
SSA-874353 V1.3 (Last Update: 2025-06-10): Entity Enumeration Vulnerability in Mendix Runtime
Veröffentlicht
10. Juni 2025 02:00
Text
Mendix Runtime allows for entity enumeration due to distinguishable responses in certain client actions. This could allow an unauthenticated remote attacker to list all valid entities and attribute names of a Mendix Runtime-based application. Siemens has released new versions for several affected products and recommends to update to the latest ...
Titel
Hitachi Energy Relion 670, 650 Series and SAM600-IO Product
Veröffentlicht
5. Juni 2025 14:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Relion 670, Relion 650, SAM600-IO Vulnerabilities: Integer Overflow or Wraparound 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause memory corruption on the products. 3. TECHNICAL DETAILS 3.1 ...
Titel
CyberData 011209 SIP Emergency Intercom
Veröffentlicht
5. Juni 2025 14:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: CyberData Equipment: 011209 SIP Emergency Intercom Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Missing Authentication for Critical Function, SQL Injection, Insufficiently Protected Credentials, Path Traversal: '.../...//' 2. RISK EVALUATION Successful exploitation of these vulnerabilities ...
Titel
Schneider Electric Wiser Home Automation
Veröffentlicht
3. Juni 2025 14:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Wiser AvatarOn 6K Freelocate, Wiser Cuadro H 5P Socket Vulnerability: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to ...
Mai 2025
Titel
Consilium Safety CS5000 Fire Panel
Veröffentlicht
29. Mai 2025 14:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Consilium Safety Equipment: CS5000 Fire Panel Vulnerabilities: Initialization of a Resource with an Insecure Default, Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain high-level access to ...
Titel
Instantel Micromate
Veröffentlicht
29. Mai 2025 14:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Instantel Equipment: Micromate Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to access the device's configuration port and execute commands. 3. TECHNICAL DETAILS 3.1 AFFECTED ...
Titel
Siemens SiPass
Veröffentlicht
29. Mai 2025 14:00
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
Titel
Johnson Controls iSTAR Configuration Utility (ICU) Tool
Veröffentlicht
27. Mai 2025 14:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.3 ATTENTION: Low attack complexity Vendor: Johnson Controls Inc. Equipment: iSTAR Configuration Utility (ICU) tool Vulnerability: Use of Uninitialized Variable 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to gain access to memory leaked from the ICU. 3. TECHNICAL ...
Titel
SSA-367714 V1.0: Improper Integrity Check of Firmware Updates in SiPass integrated AC5102 / ACC-G2 and ACC-AP
Veröffentlicht
23. Mai 2025 02:00
Text
SiPass integrated ACC (Advanced Central Controller) devices do not properly check the integrity of firmware updates. This could allow an attacker to upload a maliciously modified firmware onto the device. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
Titel
SSA-041082 V1.0: Out of Bounds Read Vulnerability in SiPass Integrated Before V2.95.3.18
Veröffentlicht
23. Mai 2025 02:00
Text
SiPass integrated versions before V2.95.3.18 contain an out of bounds read vulnerability that could allow an unauthenticated remote attacker to create a denial of service condition. Siemens has released a new version for SiPass integrated and recommends to update to the latest version.
Titel
Lantronix Device Installer
Veröffentlicht
22. Mai 2025 14:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Low attack complexity Vendor: Lantronix Equipment: Device Installer Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain access to the host machine running the Device Installer software. 3. ...
Titel
Rockwell Automation FactoryTalk Historian ThingWorx
Veröffentlicht
22. Mai 2025 14:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 95057C-FTHTWXCT11 Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to launch XXE-based attacks on applications that accept malicious log4net configuration files. ...
Titel
SSA-726617 V1.1 (Last Update: 2025-05-22): Incorrect Privilege Assignment Vulnerability in Mendix OIDC SSO Module
Veröffentlicht
22. Mai 2025 02:00
Text
The Mendix OIDC SSO module grants read and write access to all tokens exclusively to the Administrator role and could result in privilege misuse by an adversary modifying the module during Mendix development. Siemens has released a new version for Mendix OIDC SSO (Mendix 10 compatible) and recommends to update ...
Titel
Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations
Veröffentlicht
20. Mai 2025 21:20
Text
Summary The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint advisory to disseminate known tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with threat actors deploying the LummaC2 information stealer (infostealer) malware. LummaC2 malware is able to infiltrate ...
Titel
Siemens Siveillance Video
Veröffentlicht
20. Mai 2025 14:00
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
Titel
Danfoss AK-SM 8xxA Series
Veröffentlicht
20. Mai 2025 14:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Exploitable remotely Vendor: Danfoss Equipment: AK-SM 8xxA Series Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could enable a remote attacker to bypass authentication and execute arbitrary code remotely. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions ...
Titel
National Instruments Circuit Design Suite
Veröffentlicht
20. Mai 2025 14:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: National Instruments Equipment: Circuit Design Suite Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code. 3. TECHNICAL DETAILS 3.1 ...
Titel
Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products
Veröffentlicht
20. Mai 2025 14:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Iconics Digital Solutions, Mitsubishi Electric Equipment: ICONICS Product Suite and Mitsubishi Electric MC Works64 Vulnerability: Execution with Unnecessary Privileges 2. RISK EVALUATION Successful exploitation of this vulnerability could result in information tampering on the target ...
Titel
ABUP IoT Cloud Platform
Veröffentlicht
20. Mai 2025 14:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.9 ATTENTION: Exploitable remotely/Low attack complexity Vendor: ABUP Equipment: ABUP Internet of Things (IoT) Cloud Platform Vulnerability: Incorrect Privilege Assignment 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access device profiles for which they are not authorized. 3. ...

Letzte Updates

BOSCH PSIRT
10.06.2025
SIEMENS CERT
24.06.2025
US CERT
12.06.2025
US CERT (ICS)
03.07.2025

Nach Quelle

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds