CISA (ICS)
09/09/2025
1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Activation Manager Vulnerability: Incorrect Implementation of Authentication Algorithm 2. RISK EVALUATION Successful exploitation of this vulnerability could result in in data exposure, session hijacking, or full communication compromise. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS …
SIEMENS CERT
09/09/2025
The installers used to install several Siemens products are affected by a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected installer component. This vulnerability poses a risk only during setup and installation phase of the …
SIEMENS CERT
09/09/2025
WIBU Systems published information about a privilege escalation vulnerability under a certain circumstances and associated fix releases of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens industrial products. Siemens has released new versions for affected products and recommends to update to the latest versions. Siemens …
SIEMENS CERT
09/09/2025
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
SIEMENS CERT
09/09/2025
Siemens SINAMICS G220, SINAMICS S210, and SINAMICS S200 contains a privilege escalation vulnerability that could allow users to escalate their privileges. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where …
SIEMENS CERT
09/09/2025
SIMATIC Virtualization as a Service (SIVaaS) is affected by a vulnerability which exposes a network share without any authentication. This could allow an attacker to access or alter sensitive data without proper authorization. Siemens recommends to contact technical support to fix the vulnerability.
SIEMENS CERT
09/09/2025
Industrial Edge Management is affected by a vulnerability that could allow a remote attacker to cause a denial of service condition. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.
SIEMENS CERT
09/09/2025
Several tools for the SIMOTION system are affected by a local privilege escalation vulnerability. This could allow an attacker to execute arbitrary code with SYSTEM privileges when a legitimate user installs an application that uses the affected setup component. This vulnerability poses a risk only during setup and installation phase …