CISA (ICS)
11/13/2025
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Low attack complexity Vendor : Rockwell Automation Equipment : Studio 5000 Simulation Interface Vulnerabilities : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to …
CISA (ICS)
11/13/2025
1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Siemens Equipment : SICAM P850 family and SICAM P855 family Vulnerabilities : Cross-Site Request Forgery (CSRF), Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to perform …
CISA (ICS)
11/13/2025
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 …
SIEMENS CERT
11/11/2025
SIPROTEC 5 devices contain a null pointer dereference vulnerability in the web service. This could allow an attacker to send unauthenticated maliciously crafted http request that could cause denial of service condition of the device. Siemens has released new versions for the affected products and recommends to update to the …
SIEMENS CERT
11/11/2025
Altair Grid Engine contain multiple vulnerabilities that could allow an attacker to escalate privileges and execute arbitrary code with superuser permissions. Siemens has released a new version for Altair Grid Engine and recommends to update to the latest version.
SIEMENS CERT
11/11/2025
Siemens Software Center and Solid Edge is affected by a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code via placing a crafted DLL file on the system. Siemens has released new versions for the affected products and recommends to update to the latest versions.
SIEMENS CERT
11/11/2025
Spectrum Power 4 before v4.70 SP12 Security Patch 2 contains multiple vulnerabilities that could allow an attacker to remotely execute code as application administrator or locally execute code as operating system administrator. Siemens has released a new version for Spectrum Power 4 and recommends to update to the latest version.
SIEMENS CERT
11/11/2025
The web interface of RUGGEDCOM ROX II devices contain multiple Client-Side Enforcement of Server-Side Security vulnerabilities that could allow an attacker with a legitimate, highly privileged account on the web interface to get privileged code execution in the underlying OS of the affected products. Siemens has released new versions for …