CISA (ICS)
11/13/2025
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 …
CISA (ICS)
11/13/2025
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Low attack complexity Vendor : Rockwell Automation Equipment : Studio 5000 Simulation Interface Vulnerabilities : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to …
CISA (ICS)
11/13/2025
1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Brightpick AI Equipment : Brightpick Mission Control / Internal Logic Control Vulnerabilities : Missing Authentication for Critical Function, Unprotected Transport of Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in the exposure of …
CISA (ICS)
11/13/2025
1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Siemens Equipment : SICAM P850 family and SICAM P855 family Vulnerabilities : Cross-Site Request Forgery (CSRF), Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to perform …
CISA (ICS)
11/13/2025
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 …
CISA (ICS)
11/13/2025
1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk Policy Manager Vulnerability : Improper Resource Shutdown or Release 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to resource exhaustion and denial of service. 3. TECHNICAL DETAILS 3.1 AFFECTED …
SIEMENS CERT
11/11/2025
The web interface of RUGGEDCOM ROX II devices contain multiple Client-Side Enforcement of Server-Side Security vulnerabilities that could allow an attacker with a legitimate, highly privileged account on the web interface to get privileged code execution in the underlying OS of the affected products. Siemens has released new versions for …
SIEMENS CERT
11/11/2025
Spectrum Power 4 before v4.70 SP12 Security Patch 2 contains multiple vulnerabilities that could allow an attacker to remotely execute code as application administrator or locally execute code as operating system administrator. Siemens has released a new version for Spectrum Power 4 and recommends to update to the latest version.