July 2025
08.07.2025
SIEMENS CERT
SSA-327438 V1.1 (Last Update: 2025-07-08): Multiple Vulnerabilities in SCALANCE LPE9403
Title
SSA-327438 V1.1 (Last Update: 2025-07-08): Multiple Vulnerabilities in SCALANCE LPE9403
Published
July 8, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-327438.html
Summary
SCALANCE LPE9403 is affected by multiple vulnerabilities which lead to a compromise in availability, integrity and confidentiality. Siemens has released a new version for SCALANCE LPE9403 and recommends to update to the latest version. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, ...
08.07.2025
SIEMENS CERT
SSA-366067 V1.5 (Last Update: 2025-07-08): Multiple Vulnerabilities in Fortigate NGFW Before V7.4.1 on RUGGEDCOM APE1808 Devices
Title
SSA-366067 V1.5 (Last Update: 2025-07-08): Multiple Vulnerabilities in Fortigate NGFW Before V7.4.1 on RUGGEDCOM APE1808 Devices
Published
July 8, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-366067.html
Summary
Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or ...
08.07.2025
SIEMENS CERT
SSA-626991 V1.0: Denial of Service Vulnerability in SIMATIC CN 4100 before V4.0
Title
SSA-626991 V1.0: Denial of Service Vulnerability in SIMATIC CN 4100 before V4.0
Published
July 8, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-626991.html
Summary
A vulnerability in SIMATIC CN 4100 could allow an attacker to cause a denial of service condition. Siemens has released a new version for SIMATIC CN 4100 and recommends to update to the latest version.
08.07.2025
SIEMENS CERT
SSA-614723 V1.1 (Last Update: 2025-07-08): Denial of Service Vulnerabilities in User Management Component (UMC)
Title
SSA-614723 V1.1 (Last Update: 2025-07-08): Denial of Service Vulnerabilities in User Management Component (UMC)
Published
July 8, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-614723.html
Summary
Siemens User Management Component (UMC) is affected by three vulnerabilities which could allow an unauthenticated remote attacker to cause a denial of service condition. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific ...
08.07.2025
SIEMENS CERT
SSA-265688 V1.7 (Last Update: 2025-07-08): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP ...
Title
SSA-265688 V1.7 (Last Update: 2025-07-08): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1
Published
July 8, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
Summary
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
08.07.2025
SIEMENS CERT
SSA-627195 V1.1 (Last Update: 2025-07-08): Zip Path Traversal Vulnerability in Mendix Studio Pro's Module Installation Process
Title
SSA-627195 V1.1 (Last Update: 2025-07-08): Zip Path Traversal Vulnerability in Mendix Studio Pro's Module Installation Process
Published
July 8, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-627195.html
Summary
Mendix Studio Pro contains a vulnerability in the module installation process, that could allow an attacker to write or modify arbitrary files in directories outside a developer’s project directory. Siemens has released new versions for the affected products and recommends to update to the latest versions.
08.07.2025
SIEMENS CERT
SSA-573669 V1.0: Multiple Vulnerabilities in TIA Administrator Before V3.0.6
Title
SSA-573669 V1.0: Multiple Vulnerabilities in TIA Administrator Before V3.0.6
Published
July 8, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-573669.html
Summary
Siemens TIA Administrator before V3.0.6 contains multiple vulnerabilities which could allow an attacker to escalate privilege or exceute arbitrary code during installations. Siemens has released a new version for TIA Administrator and recommends to update to the latest version.
08.07.2025
SIEMENS CERT
SSA-513708 V1.1 (Last Update: 2025-07-08): Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Dev...
Title
SSA-513708 V1.1 (Last Update: 2025-07-08): Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices
Published
July 8, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-513708.html
Summary
Palo Alto Networks has published [1] information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available. Customers are advised to consult and implement the workarounds ...
08.07.2025
SIEMENS CERT
SSA-634640 V1.1 (Last Update: 2025-07-08): Weak Authentication Vulnerability in Siemens Industrial Edge Devices
Title
SSA-634640 V1.1 (Last Update: 2025-07-08): Weak Authentication Vulnerability in Siemens Industrial Edge Devices
Published
July 8, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-634640.html
Summary
Siemens Industrial Edge Devices contain a weak authentication vulnerability that could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Siemens has released new versions for the affected products and recommends to update to the latest versions.
08.07.2025
SIEMENS CERT
SSA-876787 V1.8 (Last Update: 2025-07-08): Open Redirect Vulnerability in SIMATIC S7-1500 and S7-1200 CPUs
Title
SSA-876787 V1.8 (Last Update: 2025-07-08): Open Redirect Vulnerability in SIMATIC S7-1500 and S7-1200 CPUs
Published
July 8, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-876787.html
Summary
Several SIMATIC S7-1500 and S7-1200 CPU versions are affected by an open redirect vulnerability that could allow an attacker to make the web server of affected devices redirect a legitimate user to an attacker-chosen URL. For a successful attack, the legitimate user must actively click on an attacker-crafted link. Siemens ...
07.07.2025
SIEMENS CERT
SSB-104599 V1.0: Increasing Cyber Threats to Industrial Control Systems
Title
SSB-104599 V1.0: Increasing Cyber Threats to Industrial Control Systems
Published
July 7, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssb-104599.html
Summary
03.07.2025
US CERT (ICS)
Mitsubishi Electric MELSOFT Update Manager
Title
Mitsubishi Electric MELSOFT Update Manager
Published
July 3, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-184-03
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSOFT Update Manager Vulnerabilities: Integer Underflow (Wrap or Wraparound), Protection Mechanism Failure 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, disclose information, alter information, or ...
03.07.2025
US CERT (ICS)
Hitachi Energy MicroSCADA X SYS600
Title
Hitachi Energy MicroSCADA X SYS600
Published
July 3, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-184-02
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MicroSCADA X SYS600 Vulnerabilities: Incorrect Default Permissions, External Control of File Name or Path, Improper Validation of Integrity Check Value, Exposure of Sensitive Information Through Data Queries, Improper Certificate Validation 2. RISK EVALUATION ...
01.07.2025
US CERT (ICS)
FESTO Didactic CP, MPS 200, and MPS 400 Firmware
Title
FESTO Didactic CP, MPS 200, and MPS 400 Firmware
Published
July 1, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-182-01
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: FESTO Didactic Equipment: CP, MPS 200, MPS 400 Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to write arbitrary data ...
01.07.2025
US CERT (ICS)
Hitachi Energy Relion 670/650 and SAM600-IO Series
Title
Hitachi Energy Relion 670/650 and SAM600-IO Series
Published
July 1, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-182-06
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Relion 670/650 and SAM600-IO Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to cause a denial-of-service that disrupts critical functions in the ...
01.07.2025
US CERT (ICS)
FESTO Hardware Controller, Hardware Servo Press Kit
Title
FESTO Hardware Controller, Hardware Servo Press Kit
Published
July 1, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-182-04
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: FESTO Equipment: Hardware Controller, Hardware Servo Press Kit Vulnerabilities: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute ...
01.07.2025
US CERT (ICS)
Voltronic Power and PowerShield UPS Monitoring Software
Title
Voltronic Power and PowerShield UPS Monitoring Software
Published
July 1, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-182-05
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Voltronic Power, PowerShield Equipment: Viewpower, NetGuard Vulnerabilities: Exposed Dangerous Method or Function, Forced Browsing 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated attacker remotely to make configuration changes, resulting in shutting down ...
01.07.2025
US CERT (ICS)
FESTO CODESYS
Title
FESTO CODESYS
Published
July 1, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-182-03
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: FESTO Equipment: CODESYS Vulnerabilities: Partial String Comparison, Uncontrolled Resource Consumption, Memory Allocation with Excessive Size Value 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to block legitimate user connections, crash the application, ...
01.07.2025
US CERT (ICS)
FESTO Automation Suite, FluidDraw, and Festo Didactic Products
Title
FESTO Automation Suite, FluidDraw, and Festo Didactic Products
Published
July 1, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-182-02
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: FESTO, FESTO Didactic Equipment: CIROS Studio / Education, Automation Suite, FluidDraw, FluidSIM, MES-PC Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain full control of the host system, ...
June 2025
26.06.2025
US CERT (ICS)
TrendMakers Sight Bulb Pro
Title
TrendMakers Sight Bulb Pro
Published
June 26, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-177-02
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION: Low attack complexity Vendor: TrendMakers Equipment: Sight Bulb Pro Vulnerabilities: Use of a Broken or Risky Cryptographic Algorithm, Improper Neutralization of Special Elements used in a Command ('Command Injection') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker ...
24.06.2025
US CERT (ICS)
ControlID iDSecure On-Premises
Title
ControlID iDSecure On-Premises
Published
June 24, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-05
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: ControlID Equipment: iDSecure On-premises Vulnerabilities: Improper Authentication, Server-Side Request Forgery (SSRF), SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, retrieve information, leak arbitrary data, or perform SQL ...
24.06.2025
US CERT (ICS)
Kaleris Navis N4 Terminal Operating System
Title
Kaleris Navis N4 Terminal Operating System
Published
June 24, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-01
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Kaleris Equipment: Navis N4 Vulnerabilities: Deserialization of Untrusted Data, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to remotely exploit the operating system, achieve remote code execution, ...
24.06.2025
US CERT (ICS)
Schneider Electric EVLink WallBox
Title
Schneider Electric EVLink WallBox
Published
June 24, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-04
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EVLink WallBox Vulnerabilities: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Neutralization of Special Elements used in an OS ...
24.06.2025
US CERT (ICS)
Parsons AccuWeather Widget
Title
Parsons AccuWeather Widget
Published
June 24, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-06
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Parsons Equipment: AccuWeather and Custom RSS widget Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to insert a malicious link that users might access through the RSS feed. 3. ...
24.06.2025
US CERT (ICS)
MICROSENS NMP Web+
Title
MICROSENS NMP Web+
Published
June 24, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-07
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: MICROSENS Equipment: NMP Web+ Vulnerabilities: Use of Hard-coded, Security-relevant Constants, Insufficient Session Expiration, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker ...

Last Updates

BOSCH PSIRT
14.08.2025
SIEMENS CERT
19.08.2025
US CERT
29.07.2025
US CERT (ICS)
21.08.2025

By Source

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds