Bulletins

COMOS is affected by multiple vulnerabilities that could allow an attacker to execute arbitrary code or cause denial of service condition, data infiltration or perform access control violations. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix …

Summary Note: This joint Cybersecurity Advisory is being published as an addition to the Cybersecurity and Infrastructure Security Agency (CISA) May 6, 2025, joint fact sheet Primary Mitigations to Reduce Cyber Threats to Operational Technology and European Cybercrime Centre’s (EC3) Operation Eastwood, in which CISA, Federal Bureau of Investigation (FBI), …

BOSCH-SA-873110-BT: The TLS server implementation in MAP 5000 was found to use outdated settings for cryptography. The resulting weakness in the TLS protocol key exchange (Diffie-Hellman) allows an attacker to passively decrypt or intercept and manipulate secured communication. It is estimated that the required resources for a successful attack restrict …

BOSCH-SA-085467-BT: MAP 5000 is affected by an OpenSSH vulnerability which is enabled in a backwards compatibility mode. It allows remote attackers to cause a denial-of-service (DoS) by crashing the panel.

BOSCH-SA-688644-BT: The MAP 5000 is susceptible to multiple vulnerabilities. Vulnerability CVE-2021-3449 can lead to system crashes caused by DoS attacks. Such vulnerabilities allow malicious actors to disrupt service, resulting in downtime and loss of access for legitimate users, which can severely impact business operations. Vulnerability CVE-2023-48795 constitutes a weakness in …

BOSCH-SA-359440-BT: A security issue has been identified in the Bosch MAP 5000 family of products, which stems from the use of insecure cryptographic algorithms in the SSH service configuration. It may expose systems to cryptographic attacks, unauthorized access, or data leakage.

Mendix RichText editor contain a cross-site scripting vulnerability. Siemens has released a new version for Mendix RichText and recommends to update to the latest version.