Thursday, 14.08.2025
Title
Siemens BFCClient
Published
Aug. 14, 2025, 2 p.m.
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY ...
Title
Vulnerabilities in ctrlX OS - Setup
Published
Aug. 14, 2025, 2 a.m.
Summary

BOSCH-SA-129652: Vulnerabilities in ctrlX OS - Setup

Title
SSA-201595 V1.0: Privilege Escalation Vulnerability in WIBU CodeMeter Runtime Affecting the Desigo CC Product Family and SENTRON Powermanager
Published
Aug. 14, 2025, 2 a.m.
Summary
Versions V5.0 through V8 of the Desigo CC product family (Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS), as well as the Desigo CC-based SENTRON Powermanager, are affected by a vulnerability in the underlying third-party component WIBU Systems CodeMeter Runtime. Successful exploitation of this vulnerability could allow privilege ...
Title
SSA-395458 V1.0: Account Hijacking Vulnerability in Mendix SAML Module
Published
Aug. 14, 2025, 2 a.m.
Summary
The Mendix SAML module contains a vulnerability that could allow unauthenticated remote attackers to hijack an account in specific SSO configurations. Mendix has provided fix releases for the Mendix SAML module and recommends updating to the latest version.
Title
Denial of Service on Rexroth Fieldbus Couplers
Published
Aug. 14, 2025, 2 a.m.
Summary

BOSCH-SA-757244: Several fieldbus couplers sold by Bosch Rexroth contain technology from Phoenix Contact. The manufacturer published a security bulletin about a weakness in the web-based administration interface. A successful attack leads to an overload of the device and the hardware watchdog is triggered. Process data behaves according to the configured ...

Wednesday, 13.08.2025
Title
SSA-028723 V1.1 (Last Update: 2025-08-13): Multiple OpenSSL Vulnerabilities in BFCClient Before V2.17
Published
Aug. 13, 2025, 2 a.m.
Summary
Siemens BFCClient contains multiple vulnerabilities in the integrated OpenSSL component that could allow an attacker to read memory contents, to change the application behaviour or to create a denial of service condition. Siemens has released a new version for BFCClient and recommends updating to the latest version.
Tuesday, 12.08.2025
Title
Schneider Electric EcoStruxure Power Monitoring Expert
Published
Aug. 12, 2025, 2 p.m.
Summary
1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Power Monitoring Expert Vulnerabilities: Path Traversal, Deserialization of Untrusted Data, Server-Side Request Forgery 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to read arbitrary files from the ...
Title
Johnson Controls iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2
Published
Aug. 12, 2025, 2 p.m.
Summary
1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Equipment: iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2 Vulnerabilities: OS Command Injection, Insufficient Verification of Data Authenticity, Use of Default Credentials, Missing Protection Mechanism for Alternate ...
Title
Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share
Published
Aug. 12, 2025, 2 p.m.
Summary
1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Ashlar-Vellum Equipment: Cobalt, Xenon, Argon, Lithium, Cobalt Share Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information and execute arbitrary code. 3. TECHNICAL ...
Title
AVEVA PI Integrator
Published
Aug. 12, 2025, 2 p.m.
Summary
1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: PI Integrator Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Insertion of Sensitive Information into Sent Data 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, or ...
Title
SSA-613116 V1.0: Multiple Vulnerabilities in Third-Party Components in SINEC OS before V3.1
Published
Aug. 12, 2025, 2 a.m.
Summary
SINEC OS before V3.1 contains third-party components with multiple vulnerabilities. Siemens has released new versions for the affected products and recommends updating to the latest versions.
Title
SSA-529291 V1.0: Information Disclosure Vulnerabilities in SICAM Q100/Q200
Published
Aug. 12, 2025, 2 a.m.
Summary
SICAM Q100 and Q200 devices are affected by two information disclosure vulnerabilities that could allow an authenticated local attacker to extract the SMTP account password and use the configured SMTP service for arbitrary purposes. Siemens has released new versions for the affected products and recommends updating to the latest ...
Title
SSA-517338 V1.0: Multiple Vulnerabilities in SINEC Traffic Analyzer Before V3.0
Published
Aug. 12, 2025, 2 a.m.
Summary
SINEC Traffic Analyzer before V3.0 is affected by multiple vulnerabilities. Siemens has released a new version for SINEC Traffic Analyzer and recommends updating to the latest version. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet, available.
Title
SSA-493787 V1.0: Arbitrary Code Execution Vulnerability in SIMATIC RTLS Locating Manager Before V3.2
Published
Aug. 12, 2025, 2 a.m.
Summary
SIMATIC RTLS Locating Manager before V3.2 contains an improper input validation vulnerability that could allow an authenticated remote attacker to execute arbitrary code with high privileges. Siemens has released a new version for SIMATIC RTLS Locating Manager and recommends updating to the latest version.
Title
SSA-493396 V1.0: Deserialization Vulnerability in Siemens Engineering Platforms
Published
Aug. 12, 2025, 2 a.m.
Summary
Affected products do not properly sanitize user-controllable input when parsing project files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens is preparing ...
Title
SSA-460466 V1.1 (Last Update: 2025-08-12): Denial of Service Vulnerability in TIA Project-Server and TIA Portal
Published
Aug. 12, 2025, 2 a.m.
Summary
A vulnerability in TIA Project Server and TIA Portal could allow an attacker to cause a denial of service condition. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes ...
Title
SSA-446307 V1.1 (Last Update: 2025-08-12): Authentication Bypass Vulnerability in BMC (CVE-2024-54085) affects SIMATIC IPC RS-828A
Published
Aug. 12, 2025, 2 a.m.
Summary
SIMATIC IPC RS-828A is affected by an authentication bypass vulnerability in the Redfish interface of its Baseboard Management Controller (BMC) that could allow an attacker to gain unauthorized access and compromise confidentiality, integrity and availability of the BMC and thus the entire system. Siemens has released a new version for ...
Title
SSA-400089 V1.0: Denial of Service Vulnerability in SIPROTEC 4 and SIPROTEC 4 Compact
Published
Aug. 12, 2025, 2 a.m.
Summary
SIPROTEC 4 and SIPROTEC 4 Compact devices contain a vulnerability that could allow an unauthenticated remote attacker to cause a denial of service condition. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens is preparing further fix versions and recommends countermeasures ...
Title
SSA-398330 V2.7 (Last Update: 2025-08-12): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP >= V3.1.0 and < V3.1.5
Published
Aug. 12, 2025, 2 a.m.
Summary
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version >= V3.1.0 and < V3.1.5 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant). These GNU/Linux vulnerabilities have been externally identified. Siemens has released new versions for the affected products and recommends updating ...
Title
SSA-392859 V1.1 (Last Update: 2025-08-12): Local Arbitrary Code Execution Vulnerability in Siemens Engineering Platforms before V20
Published
Aug. 12, 2025, 2 a.m.
Summary
Affected products contain a local arbitrary code execution vulnerability that could allow an attacker to perform actions against the operating system of that environment. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens is preparing further fix versions and recommends countermeasures ...
Title
SSA-382999 V1.0: Multiple Vulnerabilities in Opcenter Quality Before V2506
Published
Aug. 12, 2025, 2 a.m.
Summary
Opcenter Quality is affected by multiple vulnerabilities in the SmartClient modules Opcenter QL Home (SC), SOA Audit and SOA Cockpit. Siemens has released new versions for the affected products and recommends updating to the latest versions.
Title
SSA-355557 V1.0: Multiple Vulnerabilities in Third-Party Components in SINEC OS before V3.2
Published
Aug. 12, 2025, 2 a.m.
Summary
SINEC OS before V3.2 contains third-party components with multiple vulnerabilities. Siemens has released new versions for the affected products and recommends updating to the latest versions.
Title
SSA-353002 V1.2 (Last Update: 2025-08-12): Multiple Vulnerabilities in SCALANCE XB-200 / XC-200 / XP-200 / XF-200BA / XR-300WG Family
Published
Aug. 12, 2025, 2 a.m.
Summary
The SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG Family is affected by multiple vulnerabilities. CVE-2023-44318 and CVE-2023-44321 were previously published as part of SSA-699386. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens recommends countermeasures for products where fixes are not, or not yet, available.
Title
SSA-331739 V1.0: Privilege Escalation Vulnerability in WIBU CodeMeter Runtime Affecting Siemens Products
Published
Aug. 12, 2025, 2 a.m.
Summary
WIBU Systems published information about a privilege escalation vulnerability under certain circumstances and associated fix releases of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens industrial products. Siemens has released new versions for affected products and recommends updating to the latest versions. Siemens ...
Title
SSA-282044 V1.0: DLL Hijacking Vulnerability in Siemens Web Installer used by the Online Software Delivery
Published
Aug. 12, 2025, 2 a.m.
Summary
The installers used to install several Siemens products are affected by a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected installer component. This vulnerability poses a risk only during the setup and installation phase of the ...

Last Updates

BOSCH PSIRT
14.08.2025
SIEMENS CERT
26.08.2025
US CERT
29.07.2025
US CERT (ICS)
26.08.2025
