Bulletins

SIEMENS CERT
08/12/2025

SSA-400089 V1.0: Denial of Service Vulnerability in SIPROTEC 4 and SIPROTEC 4 Compact

SIPROTEC 4 and SIPROTEC 4 Compact devices contain a vulnerability that could allow an unauthenticated remote attacker to cause a denial of service condition. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures …
SIEMENS CERT
08/12/2025

SSA-392859 V1.1 (Last Update: 2025-08-12): Local Arbitrary Code Execution Vulnerability in Siemens Engineering Platforms before V20

Affected products contain a local arbitrary code execution vulnerability that could allow an attacker to perform actions against the operation system of that environment. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures …
SIEMENS CERT
08/12/2025

SSA-382999 V1.0: Multiple Vulnerabilities in Opcenter Quality Before V2506

The Opcenter Quality is affected by multiple vulnerabilities in the SmartClient modules Opcenter QL Home (SC), SOA Audit and SOA Cockpit. Siemens has released new versions for the affected products and recommends to update to the latest versions.
SIEMENS CERT
08/12/2025

SSA-177847 V1.0: Improper VNC Password Check Vulnerability in SINUMERIK Controllers

Siemens SINUMERIK Controllers are affected by an improper VNC password check vulnerability. Siemens has released new versions for the affected products and recommends to update to the latest versions.
SIEMENS CERT
07/21/2025

SSA-725549 V1.3 (Last Update: 2025-07-21): Denial of Service of ICMP in Industrial Devices

A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions. The integrated ICMP services in the underlying TCP/IP stack is vulnerable to a denial of service attack through specially crafted ICMP packets. A successful attack will impact the availability …
SIEMENS CERT
07/18/2025

SSA-183963 V1.1 (Last Update: 2025-07-18): Certificate Validation Vulnerabilities in SICAM TOOLBOX II Before V07.11

During establishment of a https connection to the TLS server of a managed device, SICAM TOOLBOX II improperly validates that device’s certificate. This could allow an attacker to execute an on-path network (MitM) attack. Siemens has released a new version for SICAM TOOLBOX II and recommends to update to the …
SIEMENS CERT
07/10/2025

SSA-725549 V1.2 (Last Update: 2025-07-10): Denial of Service of ICMP in Industrial Devices

A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions. The integrated ICMP services in the underlying TCP/IP stack is vulnerable to a denial of service attack through specially crafted ICMP packets. A successful attack will impact the availability …
SIEMENS CERT
07/08/2025

SSA-078892 V1.0: Multiple Vulnerabilities in SINEC NMS Before V4.0

Siemens SINEC NMS before V4.0 is affected by multiple vulnerabilities which could allow an attacker to elevate privilege and exceute arbitrary code. Siemens has released a new version for SINEC NMS and recommends to update to the latest version. Siemens is preparing further fix versions and recommends countermeasures for products …