Tuesday, 12.08.2025
Title
SSA-787941 V1.5 (Last Update: 2025-08-12): Denial of Service Vulnerability in RUGGEDCOM ROS devices
Published
Aug. 12, 2025, 2 a.m.
Summary
RUGGEDCOM ROS-based devices are vulnerable to a denial of service attack (Slowloris). By sending partial HTTP requests nonstop, with none completed, the affected web servers will be waiting for the completion of each request, occupying all available HTTP connections. The web server recovers by itself once the attack ends. Siemens ...
Title
SSA-770770 V1.6 (Last Update: 2025-08-12): Multiple Vulnerabilities in Fortigate NGFW Before V7.4.7 on RUGGEDCOM APE1808 Devices
Published
Aug. 12, 2025, 2 a.m.
Summary
Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version.
Title
SSA-994087 V1.0: Multiple SQLite Vulnerabilities in RUGGEDCOM CROSSBOW Station Access Controller Before V5.7
Published
Aug. 12, 2025, 2 a.m.
Summary
RUGGEDCOM CROSSBOW Station Access Controller (SAC) contains multiple vulnerabilities in the integrated SQLite component that could allow an attacker to execute arbitrary code or to create a denial of service condition. Siemens has released a new version for RUGGEDCOM CROSSBOW Station Access Controller (SAC) and recommends to update to the ...
Title
SSA-978177 V1.0: Vulnerability in Nozomi Guardian/CMC on RUGGEDCOM APE1808 Devices
Published
Aug. 12, 2025, 2 a.m.
Summary
Nozomi Networks has published information on vulnerabilities in Nozomi Guardian/CMC. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available.
Title
SSA-914892 V1.1 (Last Update: 2025-08-12): Race Condition Vulnerability in Basic Authentication Implementation of Mendix Runtime
Published
Aug. 12, 2025, 2 a.m.
Summary
The basic authentication mechanism of Mendix Runtime contains a race condition vulnerability which could allow unauthenticated remote attackers to circumvent default account lockout measures. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are ...
Thursday, 07.08.2025
Title
Packet Power EMX and EG
Published
Aug. 7, 2025, 2 p.m.
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Packet Power Equipment: EMX, EG Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain full access to the device without authentication. 3. TECHNICAL DETAILS 3.1 ...
Title
Yealink IP Phones and RPS (Redirect and Provisioning Service)
Published
Aug. 7, 2025, 2 p.m.
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Yealink Equipment: IP Phones Vulnerability: Improper Restriction of Excessive Authentication Attempts, Allocation of Resources Without Limits or Throttling, Incorrect Authorization, Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in an information ...
Title
EG4 Electronics EG4 Inverters
Published
Aug. 7, 2025, 2 p.m.
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: EG4 Electronics Equipment: EG4 Inverters Vulnerabilities: Cleartext Transmission of Sensitive Information, Download of Code Without Integrity Check, Observable Discrepancy, Improper Restriction of Excessive Authentication Attempts 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an ...
Title
Burk Technology ARC Solo
Published
Aug. 7, 2025, 2 p.m.
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Burk Technology Equipment: ARC Solo Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker gaining access to the device, locking out authorized users, or disrupting operations. ...
Title
Dreame Technology iOS and Android Mobile Applications
Published
Aug. 7, 2025, 2 p.m.
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Dreame Technology Equipment: Dreamehome and MOVAhome mobile applications Vulnerability: Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could result in unauthorized information disclosure. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of the ...
Title
Johnson Controls FX80 and FX90
Published
Aug. 7, 2025, 2 p.m.
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: FX80 and FX90 Vulnerability: Dependency on Vulnerable Third-Party Component 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to compromise the device's configuration files. 3. TECHNICAL DETAILS 3.1 AFFECTED ...
Title
Delta Electronics DIAView
Published
Aug. 7, 2025, 2 p.m.
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DIAView Vulnerability: Improper Limitation of a Pathname to a Restricted Directory 2. RISK EVALUATION Successful exploitation of this vulnerability may allow a remote attacker to read or write files on the affected device. ...
Tuesday, 05.08.2025
Title
Tigo Energy Cloud Connect Advanced
Published
Aug. 5, 2025, 2 p.m.
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Tigo Energy Equipment: Cloud Connect Advanced Vulnerabilities: Use of Hard-coded Credentials, Command Injection, Predictable Seed in Pseudo-Random Number Generator (PRNG). 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to gain unauthorized administrative access ...
Title
Mitsubishi Electric Iconics Digital Solutions Multiple Products
Published
Aug. 5, 2025, 2 p.m.
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 4.1 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Iconics Digital Solutions, Mitsubishi Electric Equipment: ICONICS Product Suite and Mitsubishi Electric MC Works64 Vulnerability: Windows Shortcut Following (.LNK) 2. RISK EVALUATION Successful exploitation of this vulnerability could result in information tampering. 3. TECHNICAL DETAILS ...

Last Updates

BOSCH PSIRT
14.08.2025
SIEMENS CERT
26.08.2025
US CERT
29.07.2025
US CERT (ICS)
26.08.2025

By Source

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds