August 2025
Title
Johnson Controls iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2
Published
Aug. 12, 2025, 2 p.m.
Summary
1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Equipment: iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2 Vulnerabilities: OS Command Injection, Insufficient Verification of Data Authenticity, Use of Default Credentials, Missing Protection Mechanism for Alternate ...
Title
Schneider Electric EcoStruxure Power Monitoring Expert
Published
Aug. 12, 2025, 2 p.m.
Summary
1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Power Monitoring Expert Vulnerabilities: Path Traversal, Deserialization of Untrusted Data, Server-Side Request Forgery 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to read arbitrary files from the ...
Title
SSA-908185 V1.2 (Last Update: 2025-08-12): Mirror Port Isolation Vulnerability in RUGGEDCOM ROS Devices
Published
Aug. 12, 2025, 2 a.m.
Summary
A vulnerability was identified in RUGGEDCOM ROS devices with mirror port enabled that could allow an attacker to inject information into the network via the mirror port. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens recommends specific countermeasures for products ...
Title
SSA-894058 V1.0: Improper Bandwidth Limitation of Network Packets Over Local USB Port Vulnerability in SIPROTEC 5
Published
Aug. 12, 2025, 2 a.m.
Summary
Affected SIPROTEC 5 devices do not properly limit the bandwidth for incoming network packets over their local USB port. This could allow an attacker with physical access to send specially crafted packets with high bandwidth to the affected devices thus forcing them to exhaust their memory and stop responding to ...
Title
SSA-382999 V1.0: Multiple Vulnerabilities in Opcenter Quality Before V2506
Published
Aug. 12, 2025, 2 a.m.
Summary
Opcenter Quality is affected by multiple vulnerabilities in the SmartClient modules Opcenter QL Home (SC), SOA Audit and SOA Cockpit. Siemens has released new versions for the affected products and recommends updating to the latest versions.
Title
SSA-864900 V1.2 (Last Update: 2025-08-12): Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices
Published
Aug. 12, 2025, 2 a.m.
Summary
Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens industrial products. Siemens is preparing fix versions and recommends consulting and implementing the workarounds provided in Fortinet's upstream security notifications.
Title
SSA-028723 V1.0: Multiple OpenSSL Vulnerabilities in BFCClient Before V2.17
Published
Aug. 12, 2025, 2 a.m.
Summary
Siemens BFCClient contains multiple vulnerabilities in the integrated OpenSSL component that could allow an attacker to read memory contents, change the application behaviour or create a denial of service condition. Siemens has released a new version for BFCClient and recommends updating to the latest version.
Title
SSA-082556 V1.1 (Last Update: 2025-08-12): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1.5
Published
Aug. 12, 2025, 2 a.m.
Summary
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version V3.1.5 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant). Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available.
Title
SSA-400089 V1.0: Denial of Service Vulnerability in SIPROTEC 4 and SIPROTEC 4 Compact
Published
Aug. 12, 2025, 2 a.m.
Summary
SIPROTEC 4 and SIPROTEC 4 Compact devices contain a vulnerability that could allow an unauthenticated remote attacker to cause a denial of service condition. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens is preparing further fix versions and recommends countermeasures ...
Title
SSA-769791 V1.0: Local Arbitrary Code Execution Vulnerability in COMOS Before V10.6
Published
Aug. 12, 2025, 2 a.m.
Summary
COMOS before V10.6 is affected by a local arbitrary code execution vulnerability in the integrated Open Design Alliance Drawings SDK. Siemens has released a new version for COMOS and recommends updating to the latest version.
Title
SSA-460466 V1.1 (Last Update: 2025-08-12): Denial of Service Vulnerability in TIA Project-Server and TIA Portal
Published
Aug. 12, 2025, 2 a.m.
Summary
A vulnerability in TIA Project-Server and TIA Portal could allow an attacker to cause a denial of service condition. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes ...
Title
SSA-355557 V1.0: Multiple Vulnerabilities in Third-Party Components in SINEC OS before V3.2
Published
Aug. 12, 2025, 2 a.m.
Summary
SINEC OS before V3.2 contains third-party components with multiple vulnerabilities. Siemens has released new versions for the affected products and recommends updating to the latest versions.
Title
SSA-398330 V2.7 (Last Update: 2025-08-12): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP >= V3.1.0 and < V3.1.5
Published
Aug. 12, 2025, 2 a.m.
Summary
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version >= V3.1.0 and < V3.1.5 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant). These GNU/Linux vulnerabilities have been externally identified. Siemens has released new versions for the affected products and recommends updating ...
Title
SSA-914892 V1.1 (Last Update: 2025-08-12): Race Condition Vulnerability in Basic Authentication Implementation of Mendix Runtime
Published
Aug. 12, 2025, 2 a.m.
Summary
The basic authentication mechanism of Mendix Runtime contains a race condition vulnerability that could allow unauthenticated remote attackers to circumvent the default account lockout measures. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens recommends specific countermeasures for products where fixes are ...
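The advisory summary above does not describe the Mendix Runtime flaw in detail, so the following is an added simulation written for this page, not Mendix or Siemens code, of the generic check-then-act race behind this class of lockout bypass: an attacker who submits many password guesses concurrently gets all of them verified before any failure is recorded, so the counter never reaches the threshold in time. The `threading.Barrier` is this example's own device for forcing the worst-case interleaving deterministically; on a real server the attacker gets the same effect by sending the burst fast enough. User names and passwords are constructed.

```python
"""Simulated lockout race: concurrent failed logins slip past a check-then-act counter."""
import threading

MAX_FAILED = 5  # lockout threshold used by both implementations below


class CheckThenActLockout:
    """Vulnerable pattern: read the counter, verify the password, then increment.
    Every attempt in flight between the read and the increment sees the same stale
    count, so parallel guesses are all verified and none of them is locked out."""

    def __init__(self, gate=None):
        self.failed = {}
        self.gate = gate  # optional Barrier standing in for an unlucky scheduler

    def attempt(self, user, password, real_password):
        if self.failed.get(user, 0) >= MAX_FAILED:
            return "locked"
        if self.gate is not None:
            self.gate.wait()  # hold every attempt here until all have passed the check
        if password == real_password:
            return "ok"
        self.failed[user] = self.failed.get(user, 0) + 1  # recorded too late
        return "denied"


class AtomicLockout:
    """Hardened pattern: reserve the attempt under a lock *before* verifying the
    password, so check and increment are one atomic step and the window disappears."""

    def __init__(self):
        self.failed = {}
        self.lock = threading.Lock()

    def attempt(self, user, password, real_password):
        with self.lock:
            if self.failed.get(user, 0) >= MAX_FAILED:
                return "locked"
            self.failed[user] = self.failed.get(user, 0) + 1  # counted before verification
        if password == real_password:
            with self.lock:
                self.failed[user] = 0  # a successful login resets the counter
            return "ok"
        return "denied"


def run_burst(service, n, user="alice", real_password="correct horse"):
    """Fire n wrong guesses concurrently; return (verified, locked) counts."""
    results = [None] * n

    def worker(i):
        results[i] = service.attempt(user, f"guess{i}", real_password)

    threads = [threading.Thread(target=worker, args=(i,)) for i in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results.count("denied"), results.count("locked")


def demo(n=20):
    """Same burst against both implementations; the vulnerable one verifies all n guesses."""
    vulnerable = CheckThenActLockout(gate=threading.Barrier(n))
    hardened = AtomicLockout()
    return {"vulnerable": run_burst(vulnerable, n), "hardened": run_burst(hardened, n)}
```

The point of the hardened version is not only the lock but the ordering: the attempt is charged before the password is checked, so even a slow verification step (a deliberately expensive hash, a remote directory lookup) leaves no window in which other attempts see a stale count. In a multi-node deployment the same guarantee has to come from the shared store, for example an atomic increment-and-compare in the database rather than a read followed by a write.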
Title
SSA-446307 V1.1 (Last Update: 2025-08-12): Authentication Bypass Vulnerability in BMC (CVE-2024-54085) affects SIMATIC IPC RS-828A
Published
Aug. 12, 2025, 2 a.m.
Summary
SIMATIC IPC RS-828A is affected by an authentication bypass vulnerability in the Redfish interface of its Baseboard Management Controller (BMC) that could allow an attacker to gain unauthorized access and compromise confidentiality, integrity and availability of the BMC and thus the entire system. Siemens has released a new version for ...
Title
SSA-392859 V1.1 (Last Update: 2025-08-12): Local Arbitrary Code Execution Vulnerability in Siemens Engineering Platforms before V20
Published
Aug. 12, 2025, 2 a.m.
Summary
Affected products contain a local arbitrary code execution vulnerability that could allow an attacker to perform actions against the operating system of that environment. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens is preparing further fix versions and recommends countermeasures ...
Title
SSA-094954 V1.0: Authentication Bypass Vulnerability in BIST mode of RUGGEDCOM ROX II
Published
Aug. 12, 2025, 2 a.m.
Summary
RUGGEDCOM ROX II devices do not properly limit access through their Built-In-Self-Test (BIST) mode. This could allow a local attacker to bypass authentication and access a root shell on the device. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
Title
SSA-674084 V1.0: File Parsing Vulnerabilities in Simcenter Femap Before V2506
Published
Aug. 12, 2025, 2 a.m.
Summary
Simcenter Femap contains a file parsing vulnerability that could be triggered when the application reads files in STP or BMP format. If a user is tricked into opening a malicious file with the affected application, this could cause the application to crash or potentially lead to arbitrary code execution. ...
Title
SSA-665108 V1.0: Arbitrary File Upload Vulnerability in RUGGEDCOM ROX II
Published
Aug. 12, 2025, 2 a.m.
Summary
RUGGEDCOM ROX II devices do not properly enforce limitations on the type and size of files that can be uploaded through their web interface. This could allow an attacker with a legitimate, highly privileged account on the web interface to upload arbitrary files onto the filesystem of the devices. Siemens is ...
Title
SSA-613116 V1.0: Multiple Vulnerabilities in Third-Party Components in SINEC OS before V3.1
Published
Aug. 12, 2025, 2 a.m.
Summary
SINEC OS before V3.1 contains third-party components with multiple vulnerabilities. Siemens has released new versions for the affected products and recommends updating to the latest versions.
Title
SSA-687955 V1.1 (Last Update: 2025-08-12): Accessible Development Shell via Physical Interface in SIPROTEC 5
Published
Aug. 12, 2025, 2 a.m.
Summary
Affected SIPROTEC 5 devices contain a development shell, accessible via a physical interface, that is not properly restricted. This could allow an unauthenticated attacker with physical access to an affected device to execute arbitrary commands on the device. Siemens has released new versions for several affected products and ...
Title
SSA-529291 V1.0: Information Disclosure Vulnerabilities in SICAM Q100/Q200
Published
Aug. 12, 2025, 2 a.m.
Summary
SICAM Q100 and Q200 devices are affected by two information disclosure vulnerabilities that could allow an authenticated local attacker to extract the SMTP account password and use the configured SMTP service for arbitrary purposes. Siemens has released new versions for the affected products and recommends updating to the latest ...
Title
SSA-517338 V1.0: Multiple Vulnerabilities in SINEC Traffic Analyzer Before V3.0
Published
Aug. 12, 2025, 2 a.m.
Summary
SINEC Traffic Analyzer before V3.0 is affected by multiple vulnerabilities. Siemens has released a new version for SINEC Traffic Analyzer and recommends updating to the latest version. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet, available.
Title
SSA-764417 V1.9 (Last Update: 2025-08-12): Weak Encryption Vulnerability in RUGGEDCOM ROS Devices
Published
Aug. 12, 2025, 2 a.m.
Summary
The SSH server on RUGGEDCOM ROS devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device. Siemens has released new versions for the affected ...
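A finding like the one above can be verified for any SSH endpoint without logging in: the server announces every algorithm it is willing to negotiate in its SSH_MSG_KEXINIT, the first binary packet after the identification line. The following is an added example written for this page, not Siemens code or a capture from a RUGGEDCOM device: it parses a KEXINIT payload as laid out in RFC 4253, section 7.1, flags legacy key-exchange, host-key, cipher and MAC algorithms against a small policy that is this example's own assumption rather than any vendor's list, and includes a helper to fetch the real KEXINIT from a live host. The sample offer is constructed to resemble a legacy default configuration and is not real data.

```python
"""Audit the algorithms an SSH server offers in its SSH_MSG_KEXINIT (RFC 4253, section 7.1)."""
import socket
import struct

SSH_MSG_KEXINIT = 20

# Name-list fields of KEXINIT, in wire order, following the 16-byte cookie.
KEXINIT_FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
                  "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

# Policy used by this example (an assumption, not any vendor's or advisory's list):
# algorithms treated as weak or obsolete if a server still offers them.
WEAK_PREFIXES = {
    "kex": ("diffie-hellman-group1-", "diffie-hellman-group14-sha1",
            "diffie-hellman-group-exchange-sha1"),
    "host_key": ("ssh-dss",),
    "enc": ("3des-", "arcfour", "blowfish-", "cast128-", "rijndael"),
    "mac": ("hmac-md5", "hmac-sha1-96", "umac-64"),
}
WEAK_SUFFIXES = {"enc": ("-cbc",)}  # every CBC-mode cipher, whatever the block cipher


def parse_kexinit(payload: bytes) -> dict:
    """Parse a KEXINIT payload (packet body without length and padding) into name-lists."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos = 1 + 16  # message id + cookie
    parsed = {}
    for field in KEXINIT_FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated KEXINIT")
        (length,) = struct.unpack(">I", payload[pos:pos + 4])
        raw = payload[pos + 4:pos + 4 + length]
        if len(raw) != length:
            raise ValueError("truncated name-list")
        pos += 4 + length
        parsed[field] = [n for n in raw.decode("ascii").split(",") if n]
    return parsed


def _is_weak(category: str, name: str) -> bool:
    return (name.startswith(WEAK_PREFIXES.get(category, ()))
            or name.endswith(WEAK_SUFFIXES.get(category, ())))


def audit(parsed: dict) -> dict:
    """Return {category: [weak algorithms offered]}; an empty dict means nothing flagged."""
    findings = {}
    for field, category in (("kex", "kex"), ("host_key", "host_key"),
                            ("enc_s2c", "enc"), ("mac_s2c", "mac")):
        weak = [n for n in parsed.get(field, []) if _is_weak(category, n)]
        if weak:
            findings[category] = weak
    return findings


def build_kexinit(lists: dict) -> bytes:
    """Encode name-lists as a KEXINIT payload; used here to construct the sample input."""
    out = bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16  # cookie zeroed in the sample
    for field in KEXINIT_FIELDS:
        raw = ",".join(lists.get(field, [])).encode("ascii")
        out += struct.pack(">I", len(raw)) + raw
    return out + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved


def _recv_more(sock: socket.socket, buf: bytes) -> bytes:
    chunk = sock.recv(4096)
    if not chunk:
        raise ConnectionError("connection closed before KEXINIT")
    return buf + chunk


def fetch_server_kexinit(host: str, port: int = 22, timeout: float = 5.0) -> bytes:
    """Connect to a live server and return its KEXINIT payload (network; not used by the sample)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"SSH-2.0-kexaudit_example\r\n")
        buf = b""
        while True:  # skip banner lines until the SSH- identification line (RFC 4253, 4.2)
            while b"\n" not in buf:
                buf = _recv_more(s, buf)
            line, buf = buf.split(b"\n", 1)
            if line.startswith(b"SSH-"):
                break
        while len(buf) < 5:  # uint32 packet_length + byte padding_length
            buf = _recv_more(s, buf)
        (pkt_len,) = struct.unpack(">I", buf[:4])
        while len(buf) < 4 + pkt_len:
            buf = _recv_more(s, buf)
        return buf[5:4 + pkt_len - buf[4]]  # payload = packet minus padding_length and padding


# Constructed sample resembling a legacy default offer; not a capture from any real device.
SAMPLE_LEGACY_KEXINIT = build_kexinit({
    "kex": ["diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1", "ecdh-sha2-nistp256"],
    "host_key": ["ssh-rsa", "ssh-dss"],
    "enc_c2s": ["aes128-ctr", "aes128-cbc", "3des-cbc", "arcfour"],
    "enc_s2c": ["aes128-ctr", "aes128-cbc", "3des-cbc", "arcfour"],
    "mac_c2s": ["hmac-sha1", "hmac-md5", "hmac-sha1-96"],
    "mac_s2c": ["hmac-sha1", "hmac-md5", "hmac-sha1-96"],
    "comp_c2s": ["none"], "comp_s2c": ["none"],
})
```

Against a device, `audit(parse_kexinit(fetch_server_kexinit(host)))` reports what the server actually offers; an empty result means nothing in the policy matched. What matters for the advisory's man-in-the-middle scenario is the offer, not the algorithm a well-configured client happens to negotiate: an attacker on the path can strip the stronger options from the client's list and steer both sides to the weakest algorithm they still have in common, which is why the fix is to stop offering the weak ones rather than to prefer strong ones.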
Title
SSA-493787 V1.0: Arbitrary Code Execution Vulnerability in SIMATIC RTLS Locating Manager Before V3.2
Published
Aug. 12, 2025, 2 a.m.
Summary
SIMATIC RTLS Locating Manager before V3.2 contains an improper input validation vulnerability that could allow an authenticated remote attacker to execute arbitrary code with high privileges. Siemens has released a new version for SIMATIC RTLS Locating Manager and recommends updating to the latest version.

Last Updates

BOSCH PSIRT: 14.08.2025
SIEMENS CERT: 16.09.2025
US CERT: 25.08.2025
US CERT (ICS): 16.09.2025