August 2025
12.08.2025
SIEMENS CERT
SSA-840800 V1.5 (Last Update: 2025-08-12): Code Injection Vulnerability in RUGGEDCOM ROS
Title
SSA-840800 V1.5 (Last Update: 2025-08-12): Code Injection Vulnerability in RUGGEDCOM ROS
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-840800.html
Summary
RUGGEDCOM ROS-based devices are vulnerable to a web-based code injection attack. To execute this attack, it is necessary to access the system via the Command Line Interface (CLI). Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for ...
12.08.2025
SIEMENS CERT
SSA-787941 V1.5 (Last Update: 2025-08-12): Denial of Service Vulnerability in RUGGEDCOM ROS devices
Title
SSA-787941 V1.5 (Last Update: 2025-08-12): Denial of Service Vulnerability in RUGGEDCOM ROS devices
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-787941.html
Summary
RUGGEDCOM ROS-based devices are vulnerable to a denial of service attack (Slowloris). By sending partial HTTP requests nonstop, with none completed, the affected web servers will be waiting for the completion of each request, occupying all available HTTP connections. The web server recovers by itself once the attack ends. Siemens ...
12.08.2025
SIEMENS CERT
SSA-770902 V1.2 (Last Update: 2025-08-12): Denial of Service Vulnerability in the Web Server of RUGGEDCOM ROS Devices
Title
SSA-770902 V1.2 (Last Update: 2025-08-12): Denial of Service Vulnerability in the Web Server of RUGGEDCOM ROS Devices
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-770902.html
Summary
A denial of service vulnerability could allow an unauthorized attacker to cause total loss of availability in the web server of the affected devices. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are ...
12.08.2025
SIEMENS CERT
SSA-769791 V1.0: Local Arbitrary Code Execution Vulnerability in COMOS Before V10.6
Title
SSA-769791 V1.0: Local Arbitrary Code Execution Vulnerability in COMOS Before V10.6
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-769791.html
Summary
COMOS before V10.6 is affected by a local arbitrary code execution vulnerability in the integrated Open Design Alliance Drawings SDK. Siemens has released a new version for COMOS and recommends to update to the latest version.
12.08.2025
SIEMENS CERT
SSA-767615 V1.4 (Last Update: 2025-08-12): Information Disclosure Vulnerability in SIPROTEC 5 Devices
Title
SSA-767615 V1.4 (Last Update: 2025-08-12): Information Disclosure Vulnerability in SIPROTEC 5 Devices
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-767615.html
Summary
An information disclosure vulnerability in SIPROTEC 5 devices could allow an unauthenticated, remote attacker to retrieve sensitive information of the device. Siemens has released new versions for the affected products and recommends to update to the latest versions.
12.08.2025
SIEMENS CERT
SSA-186293 V1.0: XML External Entity (XXE) Injection Vulnerability in SIMOTION SCOUT, SIMOTION SCOUT TIA and SINAMICS STARTER
Title
SSA-186293 V1.0: XML External Entity (XXE) Injection Vulnerability in SIMOTION SCOUT, SIMOTION SCOUT TIA and SINAMICS STARTER
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-186293.html
Summary
SIMOTION SCOUT, SIMOTION SCOUT TIA and SINAMICS STARTER are affected by an XXE injection vulnerability that could allow an attacker to access arbitrary application files. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends ...
12.08.2025
SIEMENS CERT
SSA-265688 V1.8 (Last Update: 2025-08-12): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP ...
Title
SSA-265688 V1.8 (Last Update: 2025-08-12): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
Summary
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
12.08.2025
SIEMENS CERT
SSA-398330 V2.7 (Last Update: 2025-08-12): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 151...
Title
SSA-398330 V2.7 (Last Update: 2025-08-12): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP >= V3.1.0 and < V3.1.5
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-398330.html
Summary
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version >= V3.1.0 and < V3.1.5 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant). These GNU/Linux vulnerabilities have been externally identified. Siemens has released new versions for the affected products and recommends to update ...
12.08.2025
SIEMENS CERT
SSA-529291 V1.0: Information Disclosure Vulnerabilities in SICAM Q100/Q200
Title
SSA-529291 V1.0: Information Disclosure Vulnerabilities in SICAM Q100/Q200
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-529291.html
Summary
SICAM Q100 and Q200 devices are affected by two information disclosure vulnerabilities that could allow an authenticated local attacker to extract the SMTP account password and use the configured SMTP service for arbitrary purposes. Siemens has released new versions for the affected products and recommends to update to the latest ...
12.08.2025
SIEMENS CERT
SSA-282044 V1.0: DLL Hijacking Vulnerability in Siemens Web Installer used by the Online Software Delivery
Title
SSA-282044 V1.0: DLL Hijacking Vulnerability in Siemens Web Installer used by the Online Software Delivery
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-282044.html
Summary
The installers used to install several Siemens products are affected by a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected installer component. This vulnerability poses a risk only during setup and installation phase of the ...
12.08.2025
SIEMENS CERT
SSA-256353 V1.6 (Last Update: 2025-08-12): Third-Party Component Vulnerabilities in RUGGEDCOM ROS
Title
SSA-256353 V1.6 (Last Update: 2025-08-12): Third-Party Component Vulnerabilities in RUGGEDCOM ROS
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-256353.html
Summary
Multiple vulnerabilities affect various third-party components of the RUGGEDCOM Operating System (ROS). If exploited, an attacker could cause a denial-of-service, act as a man-in-the-middle or retrieval of sensitive information or gain privileged functions. Siemens has released new versions for several affected products and recommends to update to the latest versions. ...
12.08.2025
SIEMENS CERT
SSA-382999 V1.0: Multiple Vulnerabilities in Opcenter Quality Before V2506
Title
SSA-382999 V1.0: Multiple Vulnerabilities in Opcenter Quality Before V2506
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-382999.html
Summary
The Opcenter Quality is affected by multiple vulnerabilities in the SmartClient modules Opcenter QL Home (SC), SOA Audit and SOA Cockpit. Siemens has released new versions for the affected products and recommends to update to the latest versions.
12.08.2025
SIEMENS CERT
SSA-392859 V1.1 (Last Update: 2025-08-12): Local Arbitrary Code Execution Vulnerability in Siemens Engineering Platforms before...
Title
SSA-392859 V1.1 (Last Update: 2025-08-12): Local Arbitrary Code Execution Vulnerability in Siemens Engineering Platforms before V20
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-392859.html
Summary
Affected products contain a local arbitrary code execution vulnerability that could allow an attacker to perform actions against the operation system of that environment. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures ...
12.08.2025
SIEMENS CERT
SSA-177847 V1.0: Improper VNC Password Check Vulnerability in SINUMERIK Controllers
Title
SSA-177847 V1.0: Improper VNC Password Check Vulnerability in SINUMERIK Controllers
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-177847.html
Summary
Siemens SINUMERIK Controllers are affected by an improper VNC password check vulnerability. Siemens has released new versions for the affected products and recommends to update to the latest versions.
12.08.2025
SIEMENS CERT
SSA-994087 V1.0: Multiple SQLite Vulnerabilities in RUGGEDCOM CROSSBOW Station Access Controller Before V5.7
Title
SSA-994087 V1.0: Multiple SQLite Vulnerabilities in RUGGEDCOM CROSSBOW Station Access Controller Before V5.7
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-994087.html
Summary
RUGGEDCOM CROSSBOW Station Access Controller (SAC) contains multiple vulnerabilities in the integrated SQLite component that could allow an attacker to execute arbitrary code or to create a denial of service condition. Siemens has released a new version for RUGGEDCOM CROSSBOW Station Access Controller (SAC) and recommends to update to the ...
12.08.2025
SIEMENS CERT
SSA-493787 V1.0: Arbitrary Code Execution Vulnerability in SIMATIC RTLS Locating Manager Before V3.2
Title
SSA-493787 V1.0: Arbitrary Code Execution Vulnerability in SIMATIC RTLS Locating Manager Before V3.2
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-493787.html
Summary
SIMATIC RTLS Locating Manager Before V3.2 contains an improper input validation vulnerability that could allow an authenticated remote attacker to execute arbitrary code with high privileges. Siemens has released a new version for SIMATIC RTLS Locating Manager and recommends to update to the latest version.
12.08.2025
SIEMENS CERT
SSA-978177 V1.0: Vulnerability in Nozomi Guardian/CMC on RUGGEDCOM APE1808 Devices
Title
SSA-978177 V1.0: Vulnerability in Nozomi Guardian/CMC on RUGGEDCOM APE1808 Devices
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-978177.html
Summary
Nozomi Networks has published information on vulnerabilities in Nozomi Guardian/CMC. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available.
12.08.2025
SIEMENS CERT
SSA-170375 V1.1 (Last Update: 2025-08-12): Multiple Vulnerabilities in RUGGEDCOM ROS Before V5.9
Title
SSA-170375 V1.1 (Last Update: 2025-08-12): Multiple Vulnerabilities in RUGGEDCOM ROS Before V5.9
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-170375.html
Summary
Multiple vulnerabilities affect the RUGGEDCOM Operating System (ROS). The common denominator to all vulnerabilities is the leak of confidential information. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet ...
12.08.2025
SIEMENS CERT
SSA-517338 V1.0: Multiple Vulnerabilities in SINEC Traffic Analyzer Before V3.0
Title
SSA-517338 V1.0: Multiple Vulnerabilities in SINEC Traffic Analyzer Before V3.0
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-517338.html
Summary
SINEC Traffic Analyzer before V3.0 is affected by multiple vulnerabilities. Siemens has released a new version for SINEC Traffic Analyzer and recommends to update to the latest version. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.
12.08.2025
SIEMENS CERT
SSA-082556 V1.1 (Last Update: 2025-08-12): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 151...
Title
SSA-082556 V1.1 (Last Update: 2025-08-12): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1.5
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-082556.html
Summary
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version V3.1.5 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant). Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available.
12.08.2025
SIEMENS CERT
SSA-665108 V1.0: Arbitrary File Upload Vulnerability in RUGGEDCOM ROX II
Title
SSA-665108 V1.0: Arbitrary File Upload Vulnerability in RUGGEDCOM ROX II
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-665108.html
Summary
RUGGEDCOM ROX II devices does not properly enforce limitations on type and size of files that can be uploaded through their web interface. This could allow an attacker with a legitimate, highly privileged account on the web interface to upload arbitrary files onto the filesystem of the devices. Siemens is ...
12.08.2025
SIEMENS CERT
SSA-914892 V1.1 (Last Update: 2025-08-12): Race Condition Vulnerability in Basic Authentication Implementation of Mendix Runtime
Title
SSA-914892 V1.1 (Last Update: 2025-08-12): Race Condition Vulnerability in Basic Authentication Implementation of Mendix Runtime
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-914892.html
Summary
The basic authentication mechanism of Mendix Runtime contains a race condition vulnerability which could allow unauthenticated remote attackers to circumvent default account lockout measures. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are ...
12.08.2025
SIEMENS CERT
SSA-864900 V1.2 (Last Update: 2025-08-12): Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices
Title
SSA-864900 V1.2 (Last Update: 2025-08-12): Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-864900.html
Summary
Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens Industrial products. Siemens is preparing fix versions and recommends to consult and implement the workarounds provided in Fortinet’s upstream security notifications.
12.08.2025
SIEMENS CERT
SSA-908185 V1.2 (Last Update: 2025-08-12): Mirror Port Isolation Vulnerability in RUGGEDCOM ROS Devices
Title
SSA-908185 V1.2 (Last Update: 2025-08-12): Mirror Port Isolation Vulnerability in RUGGEDCOM ROS Devices
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-908185.html
Summary
A vulnerability was identified in RUGGEDCOM ROS devices with mirror port enabled, that could allow an attacker to inject information into the network via the mirror port. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products ...
07.08.2025
US CERT (ICS)
Johnson Controls FX80 and FX90
Title
Johnson Controls FX80 and FX90
Published
Aug. 7, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-02
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: FX80 and FX90 Vulnerability: Dependency on Vulnerable Third-Party Component 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to compromise the device's configuration files. 3. TECHNICAL DETAILS 3.1 AFFECTED ...

Last Updates

BOSCH PSIRT
10.06.2025
SIEMENS CERT
12.08.2025
US CERT
29.07.2025
US CERT (ICS)
12.08.2025

By Source

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds