Bulletins

SIEMENS CERT
09/16/2025

SSB-065467 V1.0: Weak Authentication Vulnerability in Trainguard End-of-Train and Head-of-Train

SIEMENS CERT
09/09/2025

SSA-712929 V3.0 (Last Update: 2025-09-09): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products

A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL. Siemens has released new versions for several affected products and recommends to update to the …
SIEMENS CERT
09/09/2025

SSA-691715 V1.7 (Last Update: 2025-09-09): Vulnerability in OPC Foundation Local Discovery Server Affecting Siemens Products

A vulnerability was identified in OPC Foundation Local Discovery Server which also affects Siemens products that could allow an attacker to escalate privileges under certain circumstances. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where …
SIEMENS CERT
09/09/2025

SSA-916339 V1.0: Information Disclosure Vulnerability in Apogee PXC and Talon TC Devices

Apogee PXC and Talon TC contain a vulnerability that could allow an attacker to download the device encrypted database file. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
SIEMENS CERT
09/09/2025

SSA-640476 V1.0: Denial of Service Vulnerability in Industrial Edge Management

Industrial Edge Management is affected by a vulnerability that could allow a remote attacker to cause a denial of service condition. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.
SIEMENS CERT
09/09/2025

SSA-722410 V1.0: Multiple Vulnerabilities in User Management Component (UMC)

Siemens’ User Management Component (UMC) is affected by multiple vulnerabilities that could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial of service condition. Siemens has released a new version for User Management Component (UMC) and recommends to update to the latest version. Siemens recommends …
SIEMENS CERT
09/09/2025

SSA-864900 V1.3 (Last Update: 2025-09-09): Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices

Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens Industrial products. Siemens is preparing fix versions and recommends to consult and implement the workarounds provided in Fortinet’s upstream security notifications.
SIEMENS CERT
09/09/2025

SSA-563922 V1.0: Local Privilege Escalation Vulnerability in SIMOTION Tools

Several tools for the SIMOTION system are affected by a local privilege escalation vulnerability. This could allow an attacker to execute arbitrary code with SYSTEM privileges when a legitimate user installs an application that uses the affected setup component. This vulnerability poses a risk only during setup and installation phase …