September 2025
Title
SSB-065467 V1.0: Weak Authentication Vulnerability in Trainguard End-of-Train and Head-of-Train
Published
16 September 2025 02:00
Text
Title
SSA-494539 V1.0: Multiple Vulnerabilities in SINEC OS
Published
9 September 2025 02:00
Text
SINEC OS is affected by multiple vulnerabilities due to open UDP ports, which could allow an attacker to access non-sensitive information without authentication or potentially cause temporary denial of service. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
Title
SSA-640476 V1.0: Denial of Service Vulnerability in Industrial Edge Management
Published
9 September 2025 02:00
Text
Industrial Edge Management is affected by a vulnerability that could allow a remote attacker to cause a denial of service condition. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.
Title
SSA-534283 V1.0: Insecure File Share Vulnerability in SIMATIC Virtualization as a Service (SIVaaS)
Published
9 September 2025 02:00
Text
SIMATIC Virtualization as a Service (SIVaaS) is affected by a vulnerability which exposes a network share without any authentication. This could allow an attacker to access or alter sensitive data without proper authorization. Siemens recommends to contact technical support to fix the vulnerability.
Title
SSA-265688 V1.9 (Last Update: 2025-09-09): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1
Published
9 September 2025 02:00
Text
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
Title
SSA-366067 V1.6 (Last Update: 2025-09-09): Multiple Vulnerabilities in Fortigate NGFW Before V7.4.1 on RUGGEDCOM APE1808 Devices
Published
9 September 2025 02:00
Text
Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or ...
Title
SSA-691715 V1.7 (Last Update: 2025-09-09): Vulnerability in OPC Foundation Local Discovery Server Affecting Siemens Products
Published
9 September 2025 02:00
Text
A vulnerability was identified in OPC Foundation Local Discovery Server which also affects Siemens products that could allow an attacker to escalate privileges under certain circumstances. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where ...
Title
SSA-864900 V1.3 (Last Update: 2025-09-09): Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices
Published
9 September 2025 02:00
Text
Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens Industrial products. Siemens is preparing fix versions and recommends to consult and implement the workarounds provided in Fortinet’s upstream security notifications.
Title
SSA-712929 V3.0 (Last Update: 2025-09-09): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products
Published
9 September 2025 02:00
Text
A vulnerability in the OpenSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of OpenSSL. Siemens has released new versions for several affected products and recommends to update to the ...
Title
SSA-563922 V1.0: Local Privilege Escalation Vulnerability in SIMOTION Tools
Published
9 September 2025 02:00
Text
Several tools for the SIMOTION system are affected by a local privilege escalation vulnerability. This could allow an attacker to execute arbitrary code with SYSTEM privileges when a legitimate user installs an application that uses the affected setup component. This vulnerability poses a risk only during setup and installation phase ...
Title
SSA-331739 V1.1 (Last Update: 2025-09-09): Privilege Escalation Vulnerability in WIBU CodeMeter Runtime Affecting Siemens Products
Published
9 September 2025 02:00
Text
WIBU Systems published information about a privilege escalation vulnerability under certain circumstances and associated fix releases of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens industrial products. Siemens has released new versions for affected products and recommends to update to the latest versions. Siemens ...
Title
SSA-282044 V1.1 (Last Update: 2025-09-09): DLL Hijacking Vulnerability in Siemens Web Installer used by the Online Software Delivery
Published
9 September 2025 02:00
Text
The installers used to install several Siemens products are affected by a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected installer component. This vulnerability poses a risk only during setup and installation phase of the ...
Title
SSA-027652 V1.0: Privilege Escalation Vulnerability in SINAMICS Drives
Published
9 September 2025 02:00
Text
Siemens SINAMICS G220, SINAMICS S210, and SINAMICS S200 contain a privilege escalation vulnerability that could allow users to escalate their privileges. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where ...
Title
SSA-722410 V1.0: Multiple Vulnerabilities in User Management Component (UMC)
Published
9 September 2025 02:00
Text
Siemens’ User Management Component (UMC) is affected by multiple vulnerabilities that could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial of service condition. Siemens has released a new version for User Management Component (UMC) and recommends to update to the latest version. Siemens recommends ...
Title
SSA-916339 V1.0: Information Disclosure Vulnerability in Apogee PXC and Talon TC Devices
Published
9 September 2025 02:00
Text
Apogee PXC and Talon TC contain a vulnerability that could allow an attacker to download the device encrypted database file. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
Title
SSA-503939 V1.2 (Last Update: 2025-09-09): Vulnerabilities in the BIOS of the SIMATIC S7-1500 TM MFP
Published
9 September 2025 02:00
Text
Multiple vulnerabilities have been identified in the BIOS of the SIMATIC S7-1500 TM MFP. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
August 2025
Title
SSA-707630 V1.1 (Last Update: 2025-08-26): Multiple Vulnerabilities in SIMATIC RTLS Locating Manager Before V3.3
Published
26 August 2025 02:00
Text
Siemens has released a new version for SIMATIC RTLS Locating Manager and recommends to update to the latest version.
Title
SSA-201595 V1.1 (Last Update: 2025-08-19): Privilege Escalation Vulnerability in WIBU CodeMeter Runtime Affecting the Desigo CC Product Family and SENTRON Powermanager
Published
19 August 2025 02:00
Text
Versions V5.0 through V8 of the Desigo CC product family (Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS), as well as the Desigo CC-based SENTRON Powermanager, are affected by a vulnerability in the underlying third-party component WIBU Systems CodeMeter Runtime. Successful exploitation of this vulnerability could allow privilege ...
Title
SSA-711309 V2.4 (Last Update: 2025-08-18): Denial of Service Vulnerability in the OPC UA Implementations of SIMATIC Products
Published
18 August 2025 02:00
Text
The OPC UA implementations (ANSI C and C++) as used in several SIMATIC products contain a denial of service vulnerability that could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate. Siemens has released new versions for several affected products and ...
Title
SSA-395458 V1.0: Account Hijacking Vulnerability in Mendix SAML Module
Published
14 August 2025 02:00
Text
Mendix SAML module contains a vulnerability that could allow unauthenticated remote attackers to hijack an account in specific SSO configurations. Mendix has provided fix releases for the Mendix SAML module and recommends to update to the latest version.
Title
SSA-201595 V1.0: Privilege Escalation Vulnerability in WIBU CodeMeter Runtime Affecting the Desigo CC Product Family and SENTRON Powermanager
Published
14 August 2025 02:00
Text
Versions V5.0 through V8 of the Desigo CC product family (Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS), as well as the Desigo CC-based SENTRON Powermanager, are affected by a vulnerability in the underlying third-party component WIBU Systems CodeMeter Runtime. Successful exploitation of this vulnerability could allow privilege ...
Title
SSA-028723 V1.1 (Last Update: 2025-08-13): Multiple OpenSSL Vulnerabilities in BFCClient Before V2.17
Published
13 August 2025 02:00
Text
Siemens BFCClient contains multiple vulnerabilities in the integrated OpenSSL component that could allow an attacker to read memory contents, to change the application behaviour or to create a denial of service condition. Siemens has released a new version for BFCClient and recommends to update to the latest version.
Title
SSA-687955 V1.1 (Last Update: 2025-08-12): Accessible Development Shell via Physical Interface in SIPROTEC 5
Published
12 August 2025 02:00
Text
Affected SIPROTEC 5 devices contain a development shell which is accessible via a physical interface which is not properly restricted. This could allow an unauthenticated attacker with physical access to an affected device to execute arbitrary commands on the device. Siemens has released new versions for several affected products and ...
Title
SSA-693808 V1.0: Deserialization Vulnerability in Siemens Engineering Platforms
Published
12 August 2025 02:00
Text
Affected products do not properly restrict access permissions to a local Windows Named Pipe and do not properly sanitize user-controllable input sent to that Named Pipe. This could allow a local authenticated attacker to cause a type confusion and execute arbitrary code within the affected application and its privileges. Siemens ...
Title
SSA-674084 V1.0: File Parsing Vulnerabilities in Simcenter Femap Before V2506
Published
12 August 2025 02:00
Text
Simcenter Femap contains a file parsing vulnerability that could be triggered when the application reads files in STP or BMP file format. If a user is tricked to open a malicious file with the affected application, this could lead the application to crash or potentially lead to arbitrary code execution. ...