August 2025
18.08.2025
SIEMENS CERT
SSA-711309 V2.4 (Last Update: 2025-08-18): Denial of Service Vulnerability in the OPC UA Implementations of SIMATIC Products
Titel
SSA-711309 V2.4 (Last Update: 2025-08-18): Denial of Service Vulnerability in the OPC UA Implementations of SIMATIC Products
Veröffentlicht
18. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-711309.html
Text
The OPC UA implementations (ANSI C and C++) as used in several SIMATIC products contain a denial of service vulnerability that could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate. Siemens has released new versions for several affected products and ...
14.08.2025
SIEMENS CERT
SSA-201595 V1.0: Privilege Escalation Vulnerability in WIBU CodeMeter Runtime Affecting the Desigo CC Product Family and SENTRO...
Titel
SSA-201595 V1.0: Privilege Escalation Vulnerability in WIBU CodeMeter Runtime Affecting the Desigo CC Product Family and SENTRON Powermanager
Veröffentlicht
14. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-201595.html
Text
Versions V5.0 through V8 of the Desigo CC product family (Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS), as well as the Desigo CC-based SENTRON Powermanager, are affected by a vulnerability in the underlying third-party component WIBU Systems CodeMeter Runtime. Successful exploitation of this vulnerability could allow privilege ...
14.08.2025
SIEMENS CERT
SSA-395458 V1.0: Account Hijacking Vulnerability in Mendix SAML Module
Titel
SSA-395458 V1.0: Account Hijacking Vulnerability in Mendix SAML Module
Veröffentlicht
14. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-395458.html
Text
Mendix SAML module contains a vulnerability that could allow unauthenticated remote attackers to hijack an account in specific SSO configurations. Mendix has provided fix releases for the Mendix SAML module and recommends to update to the latest version.
13.08.2025
SIEMENS CERT
SSA-028723 V1.1 (Last Update: 2025-08-13): Multiple OpenSSL Vulnerabilities in BFCClient Before V2.17
Titel
SSA-028723 V1.1 (Last Update: 2025-08-13): Multiple OpenSSL Vulnerabilities in BFCClient Before V2.17
Veröffentlicht
13. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-028723.html
Text
Siemens BFCClient contains multiple vulnerabilities in the integrated OpenSSL component that could allow an attacker to read memory contents, to change the application behaviour or to create a denial of service condition. Siemens has released a new version for BFCClient and recommends to update to the latest version.
12.08.2025
SIEMENS CERT
SSA-707630 V1.0: Multiple Vulnerabilities in SIMATIC RTLS Locating Manager Before V3.3
Titel
SSA-707630 V1.0: Multiple Vulnerabilities in SIMATIC RTLS Locating Manager Before V3.3
Veröffentlicht
12. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-707630.html
Text
Siemens has released a new version for SIMATIC RTLS Locating Manager and recommends to update to the latest version.
12.08.2025
SIEMENS CERT
SSA-674084 V1.0: File Parsing Vulnerabilities in Simcenter Femap Before V2506
Titel
SSA-674084 V1.0: File Parsing Vulnerabilities in Simcenter Femap Before V2506
Veröffentlicht
12. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-674084.html
Text
Simcenter Femap contains a file parsing vulnerability that could be triggered when the application reads files in STP or BMP file format. If a user is tricked to open a malicious file with the affected application, this could lead the application to crash or potentially lead to arbitrary code execution. ...
12.08.2025
SIEMENS CERT
SSA-665108 V1.0: Arbitrary File Upload Vulnerability in RUGGEDCOM ROX II
Titel
SSA-665108 V1.0: Arbitrary File Upload Vulnerability in RUGGEDCOM ROX II
Veröffentlicht
12. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-665108.html
Text
RUGGEDCOM ROX II devices does not properly enforce limitations on type and size of files that can be uploaded through their web interface. This could allow an attacker with a legitimate, highly privileged account on the web interface to upload arbitrary files onto the filesystem of the devices. Siemens is ...
12.08.2025
SIEMENS CERT
SSA-856721 V1.3 (Last Update: 2025-08-12): Vulnerability in RUGGEDCOM Discovery Protocol (RCDP) of Industrial Communication Dev...
Titel
SSA-856721 V1.3 (Last Update: 2025-08-12): Vulnerability in RUGGEDCOM Discovery Protocol (RCDP) of Industrial Communication Devices
Veröffentlicht
12. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-856721.html
Text
The RUGGEDCOM RCDP protocol is not properly configured after commissioning of RUGGEDCOM ROS based devices and some SCALANCE X switch models and could allow unauthenticated remote users to perform administrative operations. An attacker must be in the same adjacent network and the RCDP daemon must be enabled in order to ...
12.08.2025
SIEMENS CERT
SSA-787941 V1.5 (Last Update: 2025-08-12): Denial of Service Vulnerability in RUGGEDCOM ROS devices
Titel
SSA-787941 V1.5 (Last Update: 2025-08-12): Denial of Service Vulnerability in RUGGEDCOM ROS devices
Veröffentlicht
12. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-787941.html
Text
RUGGEDCOM ROS-based devices are vulnerable to a denial of service attack (Slowloris). By sending partial HTTP requests nonstop, with none completed, the affected web servers will be waiting for the completion of each request, occupying all available HTTP connections. The web server recovers by itself once the attack ends. Siemens ...
12.08.2025
SIEMENS CERT
SSA-794185 V1.1 (Last Update: 2025-08-12): RADIUS Protocol Susceptible to Forgery Attacks (CVE-2024-3596) - Impact to SIPROTEC,...
Titel
SSA-794185 V1.1 (Last Update: 2025-08-12): RADIUS Protocol Susceptible to Forgery Attacks (CVE-2024-3596) - Impact to SIPROTEC, SICAM and Related Products
Veröffentlicht
12. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-794185.html
Text
This advisory documents the impact of CVE-2024-3596 (also dubbed “Blastradius”), a vulnerability in the RADIUS protocol, to SIPROTEC, SICAM and related products. The vulnerability could allow on-path attackers, located between a Network Access Server (the RADIUS client, e.g., a SICAM device) and a RADIUS server, to forge Access-Request packets in ...
12.08.2025
SIEMENS CERT
SSA-767615 V1.4 (Last Update: 2025-08-12): Information Disclosure Vulnerability in SIPROTEC 5 Devices
Titel
SSA-767615 V1.4 (Last Update: 2025-08-12): Information Disclosure Vulnerability in SIPROTEC 5 Devices
Veröffentlicht
12. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-767615.html
Text
An information disclosure vulnerability in SIPROTEC 5 devices could allow an unauthenticated, remote attacker to retrieve sensitive information of the device. Siemens has released new versions for the affected products and recommends to update to the latest versions.
12.08.2025
SIEMENS CERT
SSA-764417 V1.9 (Last Update: 2025-08-12): Weak Encryption Vulnerability in RUGGEDCOM ROS Devices
Titel
SSA-764417 V1.9 (Last Update: 2025-08-12): Weak Encryption Vulnerability in RUGGEDCOM ROS Devices
Veröffentlicht
12. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-764417.html
Text
The SSH server on RUGGEDCOM ROS devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device. Siemens has released new versions for the affected ...
12.08.2025
SIEMENS CERT
SSA-693808 V1.0: Deserialization Vulnerability in Siemens Engineering Platforms
Titel
SSA-693808 V1.0: Deserialization Vulnerability in Siemens Engineering Platforms
Veröffentlicht
12. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-693808.html
Text
Affected products do not properly restrict access permissions to a local Windows Named Pipe and do not properly sanitize user-controllable input sent to that Named Pipe. This could allow a local authenticated attacker to cause a type confusion and execute arbitrary code within the affected application and its privileges. Siemens ...
12.08.2025
SIEMENS CERT
SSA-687955 V1.1 (Last Update: 2025-08-12): Accessible Development Shell via Physical Interface in SIPROTEC 5
Titel
SSA-687955 V1.1 (Last Update: 2025-08-12): Accessible Development Shell via Physical Interface in SIPROTEC 5
Veröffentlicht
12. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-687955.html
Text
Affected SIPROTEC 5 devices contain a development shell which is accessible via a physical interface which is not properly restricted. This could allow an unauthenticated attacker with physical access to an affected device to execute arbitrary commands on the device. Siemens has released new versions for several affected products and ...
12.08.2025
SIEMENS CERT
SSA-994087 V1.0: Multiple SQLite Vulnerabilities in RUGGEDCOM CROSSBOW Station Access Controller Before V5.7
Titel
SSA-994087 V1.0: Multiple SQLite Vulnerabilities in RUGGEDCOM CROSSBOW Station Access Controller Before V5.7
Veröffentlicht
12. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-994087.html
Text
RUGGEDCOM CROSSBOW Station Access Controller (SAC) contains multiple vulnerabilities in the integrated SQLite component that could allow an attacker to execute arbitrary code or to create a denial of service condition. Siemens has released a new version for RUGGEDCOM CROSSBOW Station Access Controller (SAC) and recommends to update to the ...
12.08.2025
SIEMENS CERT
SSA-914892 V1.1 (Last Update: 2025-08-12): Race Condition Vulnerability in Basic Authentication Implementation of Mendix Runtime
Titel
SSA-914892 V1.1 (Last Update: 2025-08-12): Race Condition Vulnerability in Basic Authentication Implementation of Mendix Runtime
Veröffentlicht
12. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-914892.html
Text
The basic authentication mechanism of Mendix Runtime contains a race condition vulnerability which could allow unauthenticated remote attackers to circumvent default account lockout measures. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are ...
12.08.2025
SIEMENS CERT
SSA-908185 V1.2 (Last Update: 2025-08-12): Mirror Port Isolation Vulnerability in RUGGEDCOM ROS Devices
Titel
SSA-908185 V1.2 (Last Update: 2025-08-12): Mirror Port Isolation Vulnerability in RUGGEDCOM ROS Devices
Veröffentlicht
12. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-908185.html
Text
A vulnerability was identified in RUGGEDCOM ROS devices with mirror port enabled, that could allow an attacker to inject information into the network via the mirror port. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products ...
12.08.2025
SIEMENS CERT
SSA-978177 V1.0: Vulnerability in Nozomi Guardian/CMC on RUGGEDCOM APE1808 Devices
Titel
SSA-978177 V1.0: Vulnerability in Nozomi Guardian/CMC on RUGGEDCOM APE1808 Devices
Veröffentlicht
12. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-978177.html
Text
Nozomi Networks has published information on vulnerabilities in Nozomi Guardian/CMC. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available.
12.08.2025
SIEMENS CERT
SSA-894058 V1.0: Improper Bandwidth Limitation of Network Packets Over Local USB Port Vulnerability in SIPROTEC 5
Titel
SSA-894058 V1.0: Improper Bandwidth Limitation of Network Packets Over Local USB Port Vulnerability in SIPROTEC 5
Veröffentlicht
12. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-894058.html
Text
Affected SIPROTEC 5 devices do not properly limit the bandwidth for incoming network packets over their local USB port. This could allow an attacker with physical access to send specially crafted packets with high bandwidth to the affected devices thus forcing them to exhaust their memory and stop responding to ...
12.08.2025
SIEMENS CERT
SSA-864900 V1.2 (Last Update: 2025-08-12): Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices
Titel
SSA-864900 V1.2 (Last Update: 2025-08-12): Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices
Veröffentlicht
12. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-864900.html
Text
Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens Industrial products. Siemens is preparing fix versions and recommends to consult and implement the workarounds provided in Fortinet’s upstream security notifications.
12.08.2025
SIEMENS CERT
SSA-840800 V1.5 (Last Update: 2025-08-12): Code Injection Vulnerability in RUGGEDCOM ROS
Titel
SSA-840800 V1.5 (Last Update: 2025-08-12): Code Injection Vulnerability in RUGGEDCOM ROS
Veröffentlicht
12. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-840800.html
Text
RUGGEDCOM ROS-based devices are vulnerable to a web-based code injection attack. To execute this attack, it is necessary to access the system via the Command Line Interface (CLI). Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for ...
12.08.2025
SIEMENS CERT
SSA-800126 V1.1 (Last Update: 2025-08-12): Deserialization Vulnerability in Siemens Engineering Platforms before V20
Titel
SSA-800126 V1.1 (Last Update: 2025-08-12): Deserialization Vulnerability in Siemens Engineering Platforms before V20
Veröffentlicht
12. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-800126.html
Text
Affected products do not properly sanitize user-controllable input when parsing files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further ...
12.08.2025
SIEMENS CERT
SSA-770770 V1.6 (Last Update: 2025-08-12): Multiple Vulnerabilities in Fortigate NGFW Before V7.4.7 on RUGGEDCOM APE1808 Devices
Titel
SSA-770770 V1.6 (Last Update: 2025-08-12): Multiple Vulnerabilities in Fortigate NGFW Before V7.4.7 on RUGGEDCOM APE1808 Devices
Veröffentlicht
12. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-770770.html
Text
Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version.
12.08.2025
SIEMENS CERT
SSA-769791 V1.0: Local Arbitrary Code Execution Vulnerability in COMOS Before V10.6
Titel
SSA-769791 V1.0: Local Arbitrary Code Execution Vulnerability in COMOS Before V10.6
Veröffentlicht
12. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-769791.html
Text
COMOS before V10.6 is affected by a local arbitrary code execution vulnerability in the integrated Open Design Alliance Drawings SDK. Siemens has released a new version for COMOS and recommends to update to the latest version.
12.08.2025
SIEMENS CERT
SSA-770902 V1.2 (Last Update: 2025-08-12): Denial of Service Vulnerability in the Web Server of RUGGEDCOM ROS Devices
Titel
SSA-770902 V1.2 (Last Update: 2025-08-12): Denial of Service Vulnerability in the Web Server of RUGGEDCOM ROS Devices
Veröffentlicht
12. August 2025 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-770902.html
Text
A denial of service vulnerability could allow an unauthorized attacker to cause total loss of availability in the web server of the affected devices. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are ...

Letzte Updates

BOSCH PSIRT
14.08.2025
SIEMENS CERT
18.08.2025
US CERT
29.07.2025
US CERT (ICS)
14.08.2025

Nach Quelle

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds