SIEMENS CERT
10/14/2025
SIMATIC S7-1200 CPU V1/V2 controllers contain two vulnerabilities that could allow an unauthenticated remote attacker to trigger functions by record and playback of legitimate network communication, or to place the controller in stop/defect state by causing a communications error. Siemens has released new versions for the affected products and recommends …
SIEMENS CERT
10/14/2025
SiPass integrated ACC (Advanced Central Controller) devices do not properly check the integrity of firmware updates. This could allow an attacker to upload a maliciously modified firmware onto the device. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.
SIEMENS CERT
10/14/2025
Palo Alto Networks has published [1] information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available. Customers are advised to consult and implement the workarounds …
SIEMENS CERT
10/14/2025
SIMATIC S7-1200 CPU V2 devices contain an insufficiently protected private key used for the Certificate Authority (CA) for HTTPS connections. Possession of this key could allow remote attackers to spoof the device’s web server by creating a forged web server certificate. Siemens recommends specific countermeasures for products where fixes are …
SIEMENS CERT
10/14/2025
SIMATIC ET 200SP communication processors (CP 1542SP-1, CP 1542SP-1 IRC and CP 1543SP-1, incl. SIPLUS variants) contain an authentication vulnerability that could allow an unauthenticated remote attacker to access the configuration data. Siemens has released new versions for the affected products and recommends to update to the latest versions.
SIEMENS CERT
10/14/2025
Multiple Siemens products are affected by a type confusion vulnerability in Google Chrome prior to 138.0.7204.96. This could allow a remote attacker to perform arbitrary code execution via a crafted HTML page. Siemens has released a new version for Industrial Edge App Publisher and recommends to update to the latest …
SIEMENS CERT
10/14/2025
Several SIMATIC S7-1500 and S7-1200 CPU versions are affected by an open redirect vulnerability that could allow an attacker to make the web server of affected devices redirect a legitimate user to an attacker-chosen URL. For a successful attack, the legitimate user must actively click on an attacker-crafted link. Siemens …
SIEMENS CERT
10/14/2025
SIMOTION SCOUT, SIMOTION SCOUT TIA and SINAMICS STARTER are affected by an XXE injection vulnerability that could allow an attacker to access arbitrary application files. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends …