September 2025
09.09.2025
SIEMENS CERT
SSA-494539 V1.0: Multiple Vulnerabilities in SINEC OS
Title
SSA-494539 V1.0: Multiple Vulnerabilities in SINEC OS
Published
Sept. 9, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-494539.html
Summary
SINEC OS is affected by multiple vulnerabilities due to open UDP ports, which could allow an attacker to access non-sensitive information without authentication or potentially cause temporary denial of service. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
09.09.2025
SIEMENS CERT
SSA-503939 V1.2 (Last Update: 2025-09-09): Vulnerabilities in the BIOS of the SIMATIC S7-1500 TM MFP
Title
SSA-503939 V1.2 (Last Update: 2025-09-09): Vulnerabilities in the BIOS of the SIMATIC S7-1500 TM MFP
Published
Sept. 9, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-503939.html
Summary
Multiple vulnerabilities have been identified in the BIOS of the SIMATIC S7-1500 TM MFP. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
09.09.2025
SIEMENS CERT
SSA-864900 V1.3 (Last Update: 2025-09-09): Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices
Title
SSA-864900 V1.3 (Last Update: 2025-09-09): Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices
Published
Sept. 9, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-864900.html
Summary
Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens Industrial products. Siemens is preparing fix versions and recommends to consult and implement the workarounds provided in Fortinet’s upstream security notifications.
09.09.2025
SIEMENS CERT
SSA-265688 V1.9 (Last Update: 2025-09-09): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP ...
Title
SSA-265688 V1.9 (Last Update: 2025-09-09): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1
Published
Sept. 9, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
Summary
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
09.09.2025
SIEMENS CERT
SSA-534283 V1.0: Insecure File Share Vulnerability in SIMATIC Virtualization as a Service (SIVaaS)
Title
SSA-534283 V1.0: Insecure File Share Vulnerability in SIMATIC Virtualization as a Service (SIVaaS)
Published
Sept. 9, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-534283.html
Summary
SIMATIC Virtualization as a Service (SIVaaS) is affected by a vulnerability which exposes a network share without any authentication. This could allow an attacker to access or alter sensitive data without proper authorization. Siemens recommends to contact technical support to fix the vulnerability.
09.09.2025
SIEMENS CERT
SSA-027652 V1.0: Privilege Escalation Vulnerability in SINAMICS Drives
Title
SSA-027652 V1.0: Privilege Escalation Vulnerability in SINAMICS Drives
Published
Sept. 9, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-027652.html
Summary
Siemens SINAMICS G220, SINAMICS S210, and SINAMICS S200 contains a privilege escalation vulnerability that could allow users to escalate their privileges. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where ...
09.09.2025
SIEMENS CERT
SSA-916339 V1.0: Information Disclosure Vulnerability in Apogee PXC and Talon TC Devices
Title
SSA-916339 V1.0: Information Disclosure Vulnerability in Apogee PXC and Talon TC Devices
Published
Sept. 9, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-916339.html
Summary
Apogee PXC and Talon TC contain a vulnerability that could allow an attacker to download the device encrypted database file. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
09.09.2025
SIEMENS CERT
SSA-563922 V1.0: Local Privilege Escalation Vulnerability in SIMOTION Tools
Title
SSA-563922 V1.0: Local Privilege Escalation Vulnerability in SIMOTION Tools
Published
Sept. 9, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-563922.html
Summary
Several tools for the SIMOTION system are affected by a local privilege escalation vulnerability. This could allow an attacker to execute arbitrary code with SYSTEM privileges when a legitimate user installs an application that uses the affected setup component. This vulnerability poses a risk only during setup and installation phase ...
09.09.2025
SIEMENS CERT
SSA-366067 V1.6 (Last Update: 2025-09-09): Multiple Vulnerabilities in Fortigate NGFW Before V7.4.1 on RUGGEDCOM APE1808 Devices
Title
SSA-366067 V1.6 (Last Update: 2025-09-09): Multiple Vulnerabilities in Fortigate NGFW Before V7.4.1 on RUGGEDCOM APE1808 Devices
Published
Sept. 9, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-366067.html
Summary
Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or ...
04.09.2025
US CERT (ICS)
Honeywell OneWireless Wireless Device Manager (WDM)
Title
Honeywell OneWireless Wireless Device Manager (WDM)
Published
Sept. 4, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-247-01
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: OneWireless Wireless Device Manager (WDM) Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Sensitive Information in Resource Not Removed Before Reuse, Integer Underflow (Wrap or Wraparound), Deployment of Wrong Handler ...
02.09.2025
US CERT (ICS)
Delta Electronics EIP Builder
Title
Delta Electronics EIP Builder
Published
Sept. 2, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-245-01
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.7 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: EIP Builder Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to potentially process dangerous external entities, resulting in disclosure of sensitive information. ...
02.09.2025
US CERT (ICS)
SunPower PVS6
Title
SunPower PVS6
Published
Sept. 2, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-245-03
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable from an adjacent network/low attack complexity Vendor: SunPower Equipment: PVS6 Vulnerability: Use of Hard-Coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to gain full access to the device, enabling them to replace firmware, modify settings, ...
02.09.2025
US CERT (ICS)
Fuji Electric FRENIC-Loader 4
Title
Fuji Electric FRENIC-Loader 4
Published
Sept. 2, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-245-02
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: FRENIC-Loader 4 Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Fuji Electric products ...
August 2025
28.08.2025
US CERT (ICS)
Schneider Electric Saitel DR & Saitel DP Remote Terminal Unit
Title
Schneider Electric Saitel DR & Saitel DP Remote Terminal Unit
Published
Aug. 28, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-240-03
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: Saitel DR RTU, Saitel DP RTU Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to escalate privileges, potentially leading to arbitrary code execution. 3. TECHNICAL ...
28.08.2025
US CERT (ICS)
GE Vernova CIMPLICITY
Title
GE Vernova CIMPLICITY
Published
Aug. 28, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-240-06
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: GE Vernova Equipment: CIMPLICITY Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a low-privileged local attacker to escalate privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of GE ...
26.08.2025
US CERT (ICS)
Schneider Electric Modicon M340 Controller and Communication Modules
Title
Schneider Electric Modicon M340 Controller and Communication Modules
Published
Aug. 26, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-238-03
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M340 and Communication Modules Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider ...
26.08.2025
US CERT (ICS)
INVT VT-Designer and HMITool
Title
INVT VT-Designer and HMITool
Published
Aug. 26, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-238-01
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: INVT Equipment: VT-Designer and HMITool Vulnerabilities: Out-of-bounds Write, Access of Resource Using Incompatible Type ('Type Confusion') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to execute arbitrary code in the context of the current ...
26.08.2025
SIEMENS CERT
SSA-707630 V1.1 (Last Update: 2025-08-26): Multiple Vulnerabilities in SIMATIC RTLS Locating Manager Before V3.3
Title
SSA-707630 V1.1 (Last Update: 2025-08-26): Multiple Vulnerabilities in SIMATIC RTLS Locating Manager Before V3.3
Published
Aug. 26, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-707630.html
Summary
Siemens has released a new version for SIMATIC RTLS Locating Manager and recommends to update to the latest version.
25.08.2025
US CERT
Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System
Title
Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System
Published
Aug. 25, 2025, 3:36 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-239a
Summary
Executive summary People’s Republic of China (PRC) state-sponsored cyber threat actors are targeting networks globally, including, but not limited to, telecommunications, government, transportation, lodging, and military infrastructure networks. While these actors focus on large backbone routers of major telecommunications providers, as well as provider edge (PE) and customer edge (CE) ...
21.08.2025
US CERT (ICS)
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU Module
Title
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU Module
Published
Aug. 21, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-233-01
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC iQ-F Series CPU module Vulnerability: Improper Handling of Length Parameter Inconsistency 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a remote attacker being able to delay the processing ...
21.08.2025
US CERT (ICS)
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU Module (Update A)
Title
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU Module (Update A)
Published
Aug. 21, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-233-01
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC iQ-F Series CPU module Vulnerability: Improper Handling of Length Parameter Inconsistency 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a remote attacker being able to delay the processing ...
19.08.2025
US CERT (ICS)
Siemens Desigo CC Product Family and SENTRON Powermanager
Title
Siemens Desigo CC Product Family and SENTRON Powermanager
Published
Aug. 19, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-231-01
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
19.08.2025
SIEMENS CERT
SSA-201595 V1.1 (Last Update: 2025-08-19): Privilege Escalation Vulnerability in WIBU CodeMeter Runtime Affecting the Desigo CC...
Title
SSA-201595 V1.1 (Last Update: 2025-08-19): Privilege Escalation Vulnerability in WIBU CodeMeter Runtime Affecting the Desigo CC Product Family and SENTRON Powermanager
Published
Aug. 19, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-201595.html
Summary
Versions V5.0 through V8 of the Desigo CC product family (Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS), as well as the Desigo CC-based SENTRON Powermanager, are affected by a vulnerability in the underlying third-party component WIBU Systems CodeMeter Runtime. Successful exploitation of this vulnerability could allow privilege ...
18.08.2025
SIEMENS CERT
SSA-711309 V2.4 (Last Update: 2025-08-18): Denial of Service Vulnerability in the OPC UA Implementations of SIMATIC Products
Title
SSA-711309 V2.4 (Last Update: 2025-08-18): Denial of Service Vulnerability in the OPC UA Implementations of SIMATIC Products
Published
Aug. 18, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-711309.html
Summary
The OPC UA implementations (ANSI C and C++) as used in several SIMATIC products contain a denial of service vulnerability that could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate. Siemens has released new versions for several affected products and ...
14.08.2025
US CERT (ICS)
Siemens Wibu CodeMeter Runtime
Title
Siemens Wibu CodeMeter Runtime
Published
Aug. 14, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-05
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...

Last Updates

BOSCH PSIRT
14.08.2025
SIEMENS CERT
16.09.2025
US CERT
25.08.2025
US CERT (ICS)
16.09.2025

By Source

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds