Bulletins | CERT@VDE

Siemens Multiple Industrial Products

Titel

Siemens Multiple Industrial Products

Veröffentlicht

16. September 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-259-06

Text

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...

Siemens RUGGEDCOM, SINEC NMS, and SINEMA

Titel

Siemens RUGGEDCOM, SINEC NMS, and SINEMA

Veröffentlicht

16. September 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-259-04

Text

Schneider Electric Altivar Products, ATVdPAC Module, ILC992 InterLink Converter

Titel

Schneider Electric Altivar Products, ATVdPAC Module, ILC992 InterLink Converter

Veröffentlicht

16. September 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-259-01

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Altivar products, ATVdPAC module, ILC992 InterLink Converter Vulnerability: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read or ...

Siemens SIMATIC NET CP, SINEMA, and SCALANCE

Titel

Siemens SIMATIC NET CP, SINEMA, and SCALANCE

Veröffentlicht

16. September 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-259-03

Text

Daikin Security Gateway

Titel

Daikin Security Gateway

Veröffentlicht

11. September 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-10

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Daikin Equipment: Security Gateway Vulnerability: Weak Password Recovery Mechanism for Forgotten Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to the system. 3. TECHNICAL ...

Siemens SINAMICS Drives

Titel

Siemens SINAMICS Drives

Veröffentlicht

11. September 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-03

Text

Siemens Industrial Edge Management OS (IEM-OS)

Titel

Siemens Industrial Edge Management OS (IEM-OS)

Veröffentlicht

11. September 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-06

Text

Siemens SIMOTION Tools

Titel

Siemens SIMOTION Tools

Veröffentlicht

11. September 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-01

Text

Schneider Electric Modicon M340, BMXNOE0100, and BMXNOE0110

Titel

Schneider Electric Modicon M340, BMXNOE0100, and BMXNOE0110

Veröffentlicht

11. September 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-09

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M340, BMXNOE0100, and BMXNOE0110 Vulnerability: Files or Directories Accessible to External Parties 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to prevent firmware updates and disrupt the webserver's proper ...

Siemens Apogee PXC and Talon TC Devices

Titel

Siemens Apogee PXC and Talon TC Devices

Veröffentlicht

11. September 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-05

Text

Siemens SIMATIC Virtualization as a Service (SIVaaS)

Titel

Siemens SIMATIC Virtualization as a Service (SIVaaS)

Veröffentlicht

11. September 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-02

Text

Rockwell Automation CompactLogix® 5480

Titel

Rockwell Automation CompactLogix® 5480

Veröffentlicht

9. September 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-06

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: CompactLogix® 5480 Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could result in arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of CompactLogix® 5480 ...

Rockwell Automation Analytics LogixAI

Titel

Rockwell Automation Analytics LogixAI

Veröffentlicht

9. September 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-08

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable from an adjacent network/low attack complexity Vendor: Rockwell Automation Equipment: Analytics LogixAI Vulnerability: Exposure of Sensitive System Information to an Unauthorized Control Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access sensitive information. 3. ...

Rockwell Automation 1783-NATR

Titel

Rockwell Automation 1783-NATR

Veröffentlicht

9. September 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-09

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 1783-NATR Vulnerability: Use of Platform-Dependent Third Party Components 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a memory corruption on the product. 3. TECHNICAL DETAILS 3.1 AFFECTED ...

ABB Cylon Aspect BMS/BAS

Titel

ABB Cylon Aspect BMS/BAS

Veröffentlicht

9. September 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-02

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: ASPECT, NEXUS, MATRIX Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Missing Authentication for Critical Function, Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to assume ...

Rockwell Automation FactoryTalk Optix

Titel

Rockwell Automation FactoryTalk Optix

Veröffentlicht

9. September 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-04

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: FactoryTalk Optix Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker achieving remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of FactoryTalk Optix, ...

Rockwell Automation Stratix IOS

Titel

Rockwell Automation Stratix IOS

Veröffentlicht

9. September 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-03

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Stratix IOS Vulnerability: Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to run malicious configurations without authentication. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Stratix ...

Rockwell Automation ControlLogix 5580

Titel

Rockwell Automation ControlLogix 5580

Veröffentlicht

9. September 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-07

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix 5580 Vulnerability: NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a major nonrecoverable fault on the controller. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version ...

04.09.2025

Honeywell OneWireless Wireless Device Manager (WDM)

Titel

Honeywell OneWireless Wireless Device Manager (WDM)

Veröffentlicht

4. September 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-247-01

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: OneWireless Wireless Device Manager (WDM) Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Sensitive Information in Resource Not Removed Before Reuse, Integer Underflow (Wrap or Wraparound), Deployment of Wrong Handler ...

02.09.2025

https://www.cisa.gov/news-events/ics-advisories/icsa-25-245-03

SunPower PVS6

Titel

SunPower PVS6

Veröffentlicht

2. September 2025 14:00

URL

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable from an adjacent network/low attack complexity Vendor: SunPower Equipment: PVS6 Vulnerability: Use of Hard-Coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to gain full access to the device, enabling them to replace firmware, modify settings, ...

02.09.2025

Fuji Electric FRENIC-Loader 4

Titel

Fuji Electric FRENIC-Loader 4

Veröffentlicht

2. September 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-245-02

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: FRENIC-Loader 4 Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Fuji Electric products ...

02.09.2025

Delta Electronics EIP Builder

Titel

Delta Electronics EIP Builder

Veröffentlicht

2. September 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-245-01

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.7 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: EIP Builder Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to potentially process dangerous external entities, resulting in disclosure of sensitive information. ...

August 2025

28.08.2025

Schneider Electric Saitel DR & Saitel DP Remote Terminal Unit

Titel

Schneider Electric Saitel DR & Saitel DP Remote Terminal Unit

Veröffentlicht

28. August 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-240-03

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: Saitel DR RTU, Saitel DP RTU Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to escalate privileges, potentially leading to arbitrary code execution. 3. TECHNICAL ...

28.08.2025

GE Vernova CIMPLICITY

Titel

GE Vernova CIMPLICITY

Veröffentlicht

28. August 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-240-06

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: GE Vernova Equipment: CIMPLICITY Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a low-privileged local attacker to escalate privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of GE ...

26.08.2025