US CERT
06/12/2025
Summary The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this advisory in response to ransomware actors leveraging unpatched instances of a vulnerability in SimpleHelp Remote Monitoring and Management (RMM) to compromise customers of a utility billing software provider. This incident reflects a broader pattern of ransomware actors targeting organizations …
SIEMENS CERT
06/12/2025
SSA-627195 V1.0: Zip Path Traversal Vulnerability in Mendix Studio Pro's Module Installation Process
Mendix Studio Pro contains a vulnerability in the module installation process, that could allow an attacker to write or modify arbitrary files in directories outside a developer’s project directory. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further …
SIEMENS CERT
06/12/2025
The Mendix OIDC SSO module grants read and write access to all tokens exclusively to the Administrator role and could result in privilege misuse by an adversary modifying the module during Mendix development. Siemens has released new versions for several affected products and recommends to update to the latest versions. …
BOSCH PSIRT
06/10/2025
BOSCH-SA-992447-BT: A security vulnerability has been uncovered in the REST API of the Telex Remote Dispatch Console Server and the RTS VLink Virtual Matrix Software. The vulnerability will allow a Remote Code Execution (RCE) attack. All versions < 1.3.0 of the Telex Remote Dispatch Console Server are affected by this …
SIEMENS CERT
06/10/2025
A vulnerability in SIRIUS 3RV2921-5M could allow an attacker to cause a denial of service condition. Siemens has released a new version for SIRIUS 3RV2921-5M and recommends to update to the latest version.
SIEMENS CERT
06/10/2025
Palo Alto Networks has published [1] information on cross-site scripting vulnerability in PAN-OS. This advisory lists the related Siemens Industrial products affected by this vulnerability. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available. Customers are advised to consult and implement …
SIEMENS CERT
06/10/2025
TIM 4R-IE devices contain multiple vulnerabilities in the integrated NTP component as listed below. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.
SIEMENS CERT
06/10/2025
SENTRON Powercenter devices are not affected by a denial of service vulnerability that can be triggered during BLE (Bluetooth Low Energy) pairing. Note: Unlike stated in the initial version of this security advisory from 2024-12-10, detailed analysis has shown that SENTRON Powercenter devices are not affected by this vulnerability.