Bulletins

SIEMENS CERT
12/09/2025

SSA-723487 V1.8 (Last Update: 2025-12-09): RADIUS Protocol Susceptible to Forgery Attacks (CVE-2024-3596) - Impact to SCALANCE, RUGGEDCOM and Related Products

This advisory documents the impact of CVE-2024-3596 (also dubbed “Blastradius”), a vulnerability in the RADIUS protocol, to SCALANCE, RUGGEDCOM and related products. The vulnerability could allow on-path attackers, located between a Network Access Server (the RADIUS client, e.g., SCALANCE or RUGGEDCOM devices) and a RADIUS server (e.g., SINEC INS), to …
SIEMENS CERT
12/09/2025

SSA-763474 V1.0: Denial of Service Vulnerability in Ruggedcom ROS devices before V5.10.1

Ruggedcom ROS devices contain a temporary denial of service vulnerability that could allow an attacker to crash and restart the device. Siemens has released new versions for the affected products and recommends to update to the latest versions.
SIEMENS CERT
12/09/2025

SSA-626856 V1.0: Multiple Vulnerabilities in SINEMA Remote Connect Sever Before V3.2 SP4

SINEMA Remote Connect Server Before V3.2 SP4 is affected by multiple vulnerabilities. Siemens has released a new version for SINEMA Remote Connect Server and recommends to update to the latest version.
SIEMENS CERT
12/09/2025

SSA-420375 V1.0: Improper Integrity Check of Firmware Updates in Building X - Security Manager Edge Controller (ACC-AP)

Building X - Security Manager Edge Controller (ACC-AP) devices do not properly check the integrity of firmware updates. This could allow an attacker to upload a maliciously modified firmware onto the device. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet …
SIEMENS CERT
12/09/2025

SSA-202008 V1.0: Multiple Vulnerabilities in Ruggedcom Rox Before V2.17.0

Ruggedcom ROX familly contain multiple vulnerabilities before V2.17.0 Siemens has released new versions for the affected products and recommends to update to the latest versions.
BOSCH PSIRT
11/19/2025

Multiple vulnerabilities in MAP intrusion panel

BOSCH-SA-688644-BT: The MAP 5000 is susceptible to multiple vulnerabilities. Vulnerability CVE-2021-3449 can lead to system crashes caused by DoS attacks. Such vulnerabilities allow malicious actors to disrupt service, resulting in downtime and loss of access for legitimate users, which can severely impact business operations. Vulnerability CVE-2023-48795 constitutes a weakness in …

BOSCH PSIRT
11/19/2025

OpenSSH DoS due to signal handler race condition

BOSCH-SA-085467-BT: MAP 5000 is affected by an OpenSSH vulnerability which is enabled in a backwards compatibility mode. It allows remote attackers to cause a denial-of-service (DoS) by crashing the panel.

BOSCH PSIRT
11/19/2025

Deprecated SSH cryptographic settings

BOSCH-SA-359440-BT: A security issue has been identified in the Bosch MAP 5000 family of products, which stems from the use of insecure cryptographic algorithms in the SSH service configuration. It may expose systems to cryptographic attacks, unauthorized access, or data leakage.