SIEMENS CERT
05/13/2025
INTRALOG WMS before V5 is affected by multiple vulnerabilities in the Microsoft .NET implementation as described below. Siemens has released a new version for INTRALOG WMS and recommends to update to the latest version. Please approach your INTRALOG WMS contact to resolve the reported vulnerabilities for your solution. When contacting …
SIEMENS CERT
05/13/2025
Siemens User Management Component (UMC) is affected by a heap-based buffer overflow vulnerability which could allow an unauthenticated remote attacker arbitrary code execution. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures …
SIEMENS CERT
05/13/2025
APOGEE PXC and TALON TC Series (BACnet) Devices devices start sending unsolicited BACnet broadcast messages after processing a specific BACnet createObject request. This could allow an attacker residing in the same BACnet network to send a specially crafted message that results in a partial denial of service condition of the …
SIEMENS CERT
05/13/2025
A denial of service vulnerability has been identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-313313: https://cert-portal.siemens.com/productcert/html/ssa-313313.html. The products listed below use affected versions of the Nucleus software and inherently contain the vulnerability. Siemens has released new versions for several affected products and …
SIEMENS CERT
05/13/2025
Multiple SICAM products are affected by buffer overflow vulnerability in the IEC 61850 Client libraries from Triangle MicroWorks that could allow an unauthenticated remote attacker to create a denial of service condition by sending specially crafted MMS messages. Affected SICAM and SITIPE products: SICAM A8000 Device firmware ET85 for CP-8000/CP-8021/CP-8022 …
SIEMENS CERT
05/13/2025
Polarion before V2410 contains multiple vulnerabilities that could allow attackers to extract data, conduct cross-site scripting attacks or find out valid usernames. Siemens strongly recommends to update Polarion to V2410 or later versions, not only to fix the documented vulnerabilities, but also to benefit from all the other improvements and …
SIEMENS CERT
05/13/2025
Several SIMATIC S7-1500 CPU versions are affected by an authentication bypass vulnerability that could allow an unauthenticated remote attacker to gain knowledge about actual and configured maximum cycle times and communication load of the CPU. Siemens has released new versions for several affected products and recommends to update to the …
SIEMENS CERT
05/13/2025
SIRIUS 3SK2 Safety Relays and 3RK3 Modular Safety Systems only provide weak password obfuscation. An attacker with access to the PROFINET or serial interface of the device could eavesdrop or read the stored password from the device and de-obfuscate it. The safety passwords work as protection against unauthorized operation (i.e., …