CISA (ICS)
10/16/2025
1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION : Low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk Linx Vulnerabilities : Privilege Chaining 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow full access to all files, processes, and system resources. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation …
CISA (ICS)
10/16/2025
1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk View Machine Edition and PanelView Plus 7 Vulnerabilities : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities could …
CISA (ICS)
10/14/2025
1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : 1715 EtherNet/IP Vulnerabilities : Allocation of Resources Without Limits or Throttling, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause the web server to crash, …
SIEMENS CERT
10/14/2025
The web server on SIMATIC S7-1200 CPU V2/V3 Before V3.0.2 contains a cross-site scripting (XSS) vulnerability that could allow remote attackers to inject arbitrary web script or HTML via a crafted URI. Siemens has released a new version for SIMATIC S7-1200 CPU V3 family (incl. SIPLUS variants) and recommends to …
SIEMENS CERT
10/14/2025
The installers used to install several Siemens products are affected by a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected installer component. This vulnerability poses a risk only during setup and installation phase of the …
SIEMENS CERT
10/14/2025
SiPass integrated ACC (Advanced Central Controller) devices do not properly check the integrity of firmware updates. This could allow an attacker to upload a maliciously modified firmware onto the device. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.
SIEMENS CERT
10/14/2025
Multiple Siemens products are affected by a type confusion vulnerability in Google Chrome prior to 138.0.7204.96. This could allow a remote attacker to perform arbitrary code execution via a crafted HTML page. Siemens has released a new version for Industrial Edge App Publisher and recommends to update to the latest …
SIEMENS CERT
10/14/2025
SINEC NMS is affected by SQL injection vulnerability that could allow an authenticated low privileged attacker to exploit by inserting malicious data and achieve privilege escalation. Siemens has released a new version for SINEC NMS and recommends to update to the latest version.