CISA (ICS)
11/13/2025
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v4 …
CISA (ICS)
11/13/2025
1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Siemens Equipment : SICAM P850 family and SICAM P855 family Vulnerabilities : Cross-Site Request Forgery (CSRF), Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to perform …
CISA (ICS)
11/13/2025
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v4 …
CISA (ICS)
11/13/2025
1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Brightpick AI Equipment : Brightpick Mission Control / Internal Logic Control Vulnerabilities : Missing Authentication for Critical Function, Unprotected Transport of Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in the exposure of …
CISA (ICS)
11/13/2025
1. EXECUTIVE SUMMARY CVSS v4 7.2 ATTENTION : Low attack complexity Vendor : AVEVA Equipment : Application Server IDE Vulnerability : Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to tamper with help files …
CISA (ICS)
11/13/2025
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Low attack complexity Vendor : Rockwell Automation Equipment : Studio 5000 Simulation Interface Vulnerabilities : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to …
SIEMENS CERT
11/11/2025
Multiple vulnerabilities has been identified in Siemens SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs that can allow an authenticated attacker to alter the secure boot and password configurations. Siemens has released new versions of BIOS for several affected products and recommends to update to the latest versions. Siemens …
SIEMENS CERT
11/11/2025
LOGO! 8 BM (incl. SIPLUS variants) contains multiple vulnerabilities. These could allow an attacker to execute code remotely, put the device into a denial of service state, or change the behavior of the device. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or …