Bulletins

BOSCH PSIRT
11/19/2025

BOSCH-SA-873110-BT: The TLS server implementation in MAP 5000 was found to use outdated settings for cryptography. The resulting weakness in the TLS protocol key exchange (Diffie-Hellman) allows an attacker to passively decrypt or intercept and manipulate secured communication. It is estimated that the required resources for a successful attack restrict …

CISA (ICS)
11/18/2025
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Schneider Electric Equipment: PowerChute Serial Shutdown Vulnerabilities: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Restriction of Excessive Authentication Attempts, Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of these …

CISA (ICS)
11/18/2025
1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low attack complexity Vendor: Shelly Equipment: Pro 4PM Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Pro 4PM, a …

CISA (ICS)
11/18/2025
1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low attack complexity Vendor: Shelly Equipment: Pro 3EM Vulnerability: Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Pro 3EM, a smart DIN rail switch, is …

CISA (ICS)
11/18/2025
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: METZ CONNECT Equipment: EWIO2 Vulnerabilities: Authentication Bypass by Primary Weakness, Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion'), Unrestricted Upload of File with Dangerous Type, Path Traversal: '.../...//', …

CISA (ICS)
11/18/2025
1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: EcoStruxure Machine SCADA Expert & Pro-face BLUE Open Studio Vulnerability: Use of a Broken or Risky Cryptographic Algorithm 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to loss of confidentiality …

SIEMENS CERT
11/17/2025
Mendix RichText editor contains a cross-site scripting vulnerability. Siemens has released a new version for Mendix RichText and recommends updating to the latest version.

SIEMENS CERT
11/17/2025
PS/IGES Parasolid Translator Component contains an out-of-bounds read that could be triggered when the application reads files in IGS file formats. If a user is tricked into opening a malicious file with any of the affected products, this could lead the application to crash or potentially lead to …