August 2025
14.08.2025
US CERT (ICS)
Rockwell Automation Micro800
Title
Rockwell Automation Micro800
Published
Aug. 14, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-25
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Micro800 Vulnerabilities: Dependency on Vulnerable Third-Party Component, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in remote code execution or may lead to privilege escalation. 3. TECHNICAL DETAILS ...
14.08.2025
US CERT (ICS)
Siemens Wibu CodeMeter Runtime
Title
Siemens Wibu CodeMeter Runtime
Published
Aug. 14, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-05
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
14.08.2025
US CERT (ICS)
Rockwell Automation FactoryTalk Viewpoint
Title
Rockwell Automation FactoryTalk Viewpoint
Published
Aug. 14, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-23
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Viewpoint Vulnerability: Improper Handling of Insufficient Permissions or Privileges 2. RISK EVALUATION Successful exploitation of this vulnerability could result in full privilege escalation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of ...
14.08.2025
US CERT (ICS)
Siemens SIPROTEC 4 and SIPROTEC 4 Compact
Title
Siemens SIPROTEC 4 and SIPROTEC 4 Compact
Published
Aug. 14, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-12
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
14.08.2025
US CERT (ICS)
Rockwell Automation ControlLogix Ethernet Modules
Title
Rockwell Automation ControlLogix Ethernet Modules
Published
Aug. 14, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-28
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix Ethernet Modules Vulnerability: Initialization of a Resource with an Insecure Default 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote attackers to perform memory dumps, modify memory, and control execution ...
14.08.2025
US CERT (ICS)
Siemens RUGGEDCOM CROSSBOW Station Access Controller
Title
Siemens RUGGEDCOM CROSSBOW Station Access Controller
Published
Aug. 14, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-08
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
14.08.2025
US CERT (ICS)
Siemens Web Installer
Title
Siemens Web Installer
Published
Aug. 14, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-22
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
14.08.2025
US CERT (ICS)
Siemens Third-Party Components in SINEC OS
Title
Siemens Third-Party Components in SINEC OS
Published
Aug. 14, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
14.08.2025
US CERT (ICS)
Siemens Opcenter Quality
Title
Siemens Opcenter Quality
Published
Aug. 14, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-06
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
14.08.2025
US CERT (ICS)
Rockwell FactoryTalk Linx
Title
Rockwell FactoryTalk Linx
Published
Aug. 14, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-24
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Rockwell Equipment: FactoryTalk Linx Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to to create, update, and delete FTLinx drivers. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Rockwell ...
14.08.2025
US CERT (ICS)
Siemens SINEC OS
Title
Siemens SINEC OS
Published
Aug. 14, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-15
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
14.08.2025
US CERT (ICS)
Siemens BFCClient
Title
Siemens BFCClient
Published
Aug. 14, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-21
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
14.08.2025
US CERT (ICS)
Siemens SICAM Q100/Q200
Title
Siemens SICAM Q100/Q200
Published
Aug. 14, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-16
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
14.08.2025
US CERT (ICS)
Siemens SIMATIC RTLS Locating Manager
Title
Siemens SIMATIC RTLS Locating Manager
Published
Aug. 14, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-01
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
14.08.2025
US CERT (ICS)
Siemens SIMOTION SCOUT, SIMOTION SCOUT TIA, and SINAMICS STARTER
Title
Siemens SIMOTION SCOUT, SIMOTION SCOUT TIA, and SINAMICS STARTER
Published
Aug. 14, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-18
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
14.08.2025
US CERT (ICS)
Rockwell Automation FactoryTalk Action Manager
Title
Rockwell Automation FactoryTalk Action Manager
Published
Aug. 14, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-30
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Action Manager Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local unauthenticated attacker to listen to communications and manipulate the device. ...
14.08.2025
US CERT (ICS)
Rockwell Automation 1756-ENT2R, 1756-EN4TR, 1756-EN4TRXT
Title
Rockwell Automation 1756-ENT2R, 1756-EN4TR, 1756-EN4TRXT
Published
Aug. 14, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-31
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: 1756-ENT2R, 1756-EN4TR, 1756-EN4TRXT Vulnerabilities: Improper Input Validation, Improper Handling of Exceptional Conditions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in an attacker causing a denial of service condition. 3. TECHNICAL DETAILS ...
14.08.2025
US CERT (ICS)
Rockwell Automation ArmorBlock 5000 I/O - Webserver
Title
Rockwell Automation ArmorBlock 5000 I/O - Webserver
Published
Aug. 14, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-27
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ArmorBlock 5000 I/O Vulnerabilities: Incorrect Authorization, Improper Authentication 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to predict session numbers or perform privileged actions. 3. TECHNICAL DETAILS 3.1 AFFECTED ...
14.08.2025
BOSCH PSIRT
Denial of Service on Rexroth Fieldbus Couplers
Title
Denial of Service on Rexroth Fieldbus Couplers
Published
Aug. 14, 2025, 2 a.m.
URL
https://psirt.bosch.com/security-advisories/bosch-sa-757244.html
Summary

BOSCH-SA-757244: Several fieldbus couplers sold by Bosch Rexroth contain technology from Phoenix Contact. The manufacturer published a security bulletin about a weakness in the web-based administration interface. A successful attack leads to an overload of the device and the hardware watchdog is triggered. Process data behaves according to the configured ...

14.08.2025
SIEMENS CERT
SSA-395458 V1.0: Account Hijacking Vulnerability in Mendix SAML Module
Title
SSA-395458 V1.0: Account Hijacking Vulnerability in Mendix SAML Module
Published
Aug. 14, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-395458.html
Summary
Mendix SAML module contains a vulnerability that could allow unauthenticated remote attackers to hijack an account in specific SSO configurations. Mendix has provided fix releases for the Mendix SAML module and recommends to update to the latest version.
14.08.2025
SIEMENS CERT
SSA-201595 V1.0: Privilege Escalation Vulnerability in WIBU CodeMeter Runtime Affecting the Desigo CC Product Family and SENTRO...
Title
SSA-201595 V1.0: Privilege Escalation Vulnerability in WIBU CodeMeter Runtime Affecting the Desigo CC Product Family and SENTRON Powermanager
Published
Aug. 14, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-201595.html
Summary
Versions V5.0 through V8 of the Desigo CC product family (Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS), as well as the Desigo CC-based SENTRON Powermanager, are affected by a vulnerability in the underlying third-party component WIBU Systems CodeMeter Runtime. Successful exploitation of this vulnerability could allow privilege ...
14.08.2025
BOSCH PSIRT
Vulnerabilities in ctrlX OS - Setup
Title
Vulnerabilities in ctrlX OS - Setup
Published
Aug. 14, 2025, 2 a.m.
URL
https://psirt.bosch.com/security-advisories/bosch-sa-129652.html
Summary

BOSCH-SA-129652: Vulnerabilities in ctrlX OS - Setup

13.08.2025
SIEMENS CERT
SSA-028723 V1.1 (Last Update: 2025-08-13): Multiple OpenSSL Vulnerabilities in BFCClient Before V2.17
Title
SSA-028723 V1.1 (Last Update: 2025-08-13): Multiple OpenSSL Vulnerabilities in BFCClient Before V2.17
Published
Aug. 13, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-028723.html
Summary
Siemens BFCClient contains multiple vulnerabilities in the integrated OpenSSL component that could allow an attacker to read memory contents, to change the application behaviour or to create a denial of service condition. Siemens has released a new version for BFCClient and recommends to update to the latest version.
12.08.2025
US CERT (ICS)
AVEVA PI Integrator
Title
AVEVA PI Integrator
Published
Aug. 12, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-224-04
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: PI Integrator Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Insertion of Sensitive Information into Sent Data 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, or ...
12.08.2025
US CERT (ICS)
Schneider Electric EcoStruxure Power Monitoring Expert
Title
Schneider Electric EcoStruxure Power Monitoring Expert
Published
Aug. 12, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-224-03
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Power Monitoring Expert Vulnerabilities: Path Traversal, Deserialization of Untrusted Data, Server-Side Request Forgery 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to read arbitrary files from the ...

Last Updates

BOSCH PSIRT
14.08.2025
SIEMENS CERT
16.09.2025
US CERT
25.08.2025
US CERT (ICS)
16.09.2025

By Source

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds