September 2025
Title
SSA-503939 V1.2 (Last Update: 2025-09-09): Vulnerabilities in the BIOS of the SIMATIC S7-1500 TM MFP
Published
Sept. 9, 2025, 2 a.m.
Summary
Multiple vulnerabilities have been identified in the BIOS of the SIMATIC S7-1500 TM MFP. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
Title
SSA-640476 V1.0: Denial of Service Vulnerability in Industrial Edge Management
Published
Sept. 9, 2025, 2 a.m.
Summary
Industrial Edge Management is affected by a vulnerability that could allow a remote attacker to cause a denial of service condition. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.
Title
SSA-864900 V1.3 (Last Update: 2025-09-09): Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices
Published
Sept. 9, 2025, 2 a.m.
Summary
Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens Industrial products. Siemens is preparing fix versions and recommends to consult and implement the workarounds provided in Fortinet’s upstream security notifications.
Title
SSA-534283 V1.0: Insecure File Share Vulnerability in SIMATIC Virtualization as a Service (SIVaaS)
Published
Sept. 9, 2025, 2 a.m.
Summary
SIMATIC Virtualization as a Service (SIVaaS) is affected by a vulnerability which exposes a network share without any authentication. This could allow an attacker to access or alter sensitive data without proper authorization. Siemens recommends to contact technical support to fix the vulnerability.
Title
SSA-265688 V1.9 (Last Update: 2025-09-09): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1
Published
Sept. 9, 2025, 2 a.m.
Summary
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
Title
SSA-494539 V1.0: Multiple Vulnerabilities in SINEC OS
Published
Sept. 9, 2025, 2 a.m.
Summary
SINEC OS is affected by multiple vulnerabilities due to open UDP ports, which could allow an attacker to access non-sensitive information without authentication or potentially cause temporary denial of service. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
Title
SSA-691715 V1.7 (Last Update: 2025-09-09): Vulnerability in OPC Foundation Local Discovery Server Affecting Siemens Products
Published
Sept. 9, 2025, 2 a.m.
Summary
A vulnerability was identified in OPC Foundation Local Discovery Server which also affects Siemens products that could allow an attacker to escalate privileges under certain circumstances. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where ...
Title
SSA-722410 V1.0: Multiple Vulnerabilities in User Management Component (UMC)
Published
Sept. 9, 2025, 2 a.m.
Summary
Siemens’ User Management Component (UMC) is affected by multiple vulnerabilities that could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial of service condition. Siemens has released a new version for User Management Component (UMC) and recommends to update to the latest version. Siemens recommends ...
Title
SSA-712929 V3.0 (Last Update: 2025-09-09): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products
Published
Sept. 9, 2025, 2 a.m.
Summary
A vulnerability in the OpenSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of OpenSSL. Siemens has released new versions for several affected products and recommends to update to the ...
Title
SSA-563922 V1.0: Local Privilege Escalation Vulnerability in SIMOTION Tools
Published
Sept. 9, 2025, 2 a.m.
Summary
Several tools for the SIMOTION system are affected by a local privilege escalation vulnerability. This could allow an attacker to execute arbitrary code with SYSTEM privileges when a legitimate user installs an application that uses the affected setup component. This vulnerability poses a risk only during setup and installation phase ...
Title
SSA-331739 V1.1 (Last Update: 2025-09-09): Privilege Escalation Vulnerability in WIBU CodeMeter Runtime Affecting Siemens Products
Published
Sept. 9, 2025, 2 a.m.
Summary
WIBU Systems published information about a privilege escalation vulnerability under certain circumstances and associated fix releases of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens industrial products. Siemens has released new versions for affected products and recommends to update to the latest versions. Siemens ...
Title
SSA-282044 V1.1 (Last Update: 2025-09-09): DLL Hijacking Vulnerability in Siemens Web Installer used by the Online Software Delivery
Published
Sept. 9, 2025, 2 a.m.
Summary
The installers used to install several Siemens products are affected by a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected installer component. This vulnerability poses a risk only during setup and installation phase of the ...
Title
SSA-027652 V1.0: Privilege Escalation Vulnerability in SINAMICS Drives
Published
Sept. 9, 2025, 2 a.m.
Summary
Siemens SINAMICS G220, SINAMICS S210, and SINAMICS S200 contain a privilege escalation vulnerability that could allow users to escalate their privileges. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where ...
Title
SSA-366067 V1.6 (Last Update: 2025-09-09): Multiple Vulnerabilities in Fortigate NGFW Before V7.4.1 on RUGGEDCOM APE1808 Devices
Published
Sept. 9, 2025, 2 a.m.
Summary
Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or ...
Title
SSA-916339 V1.0: Information Disclosure Vulnerability in Apogee PXC and Talon TC Devices
Published
Sept. 9, 2025, 2 a.m.
Summary
Apogee PXC and Talon TC contain a vulnerability that could allow an attacker to download the device encrypted database file. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
August 2025
Title
SSA-707630 V1.1 (Last Update: 2025-08-26): Multiple Vulnerabilities in SIMATIC RTLS Locating Manager Before V3.3
Published
Aug. 26, 2025, 2 a.m.
Summary
Siemens has released a new version for SIMATIC RTLS Locating Manager and recommends to update to the latest version.
Title
SSA-201595 V1.1 (Last Update: 2025-08-19): Privilege Escalation Vulnerability in WIBU CodeMeter Runtime Affecting the Desigo CC Product Family and SENTRON Powermanager
Published
Aug. 19, 2025, 2 a.m.
Summary
Versions V5.0 through V8 of the Desigo CC product family (Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS), as well as the Desigo CC-based SENTRON Powermanager, are affected by a vulnerability in the underlying third-party component WIBU Systems CodeMeter Runtime. Successful exploitation of this vulnerability could allow privilege ...
Title
SSA-711309 V2.4 (Last Update: 2025-08-18): Denial of Service Vulnerability in the OPC UA Implementations of SIMATIC Products
Published
Aug. 18, 2025, 2 a.m.
Summary
The OPC UA implementations (ANSI C and C++) as used in several SIMATIC products contain a denial of service vulnerability that could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate. Siemens has released new versions for several affected products and ...
Title
SSA-395458 V1.0: Account Hijacking Vulnerability in Mendix SAML Module
Published
Aug. 14, 2025, 2 a.m.
Summary
Mendix SAML module contains a vulnerability that could allow unauthenticated remote attackers to hijack an account in specific SSO configurations. Mendix has provided fix releases for the Mendix SAML module and recommends to update to the latest version.
Title
SSA-201595 V1.0: Privilege Escalation Vulnerability in WIBU CodeMeter Runtime Affecting the Desigo CC Product Family and SENTRON Powermanager
Published
Aug. 14, 2025, 2 a.m.
Summary
Versions V5.0 through V8 of the Desigo CC product family (Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS), as well as the Desigo CC-based SENTRON Powermanager, are affected by a vulnerability in the underlying third-party component WIBU Systems CodeMeter Runtime. Successful exploitation of this vulnerability could allow privilege ...
Title
SSA-028723 V1.1 (Last Update: 2025-08-13): Multiple OpenSSL Vulnerabilities in BFCClient Before V2.17
Published
Aug. 13, 2025, 2 a.m.
Summary
Siemens BFCClient contains multiple vulnerabilities in the integrated OpenSSL component that could allow an attacker to read memory contents, to change the application behaviour or to create a denial of service condition. Siemens has released a new version for BFCClient and recommends to update to the latest version.
Title
SSA-687955 V1.1 (Last Update: 2025-08-12): Accessible Development Shell via Physical Interface in SIPROTEC 5
Published
Aug. 12, 2025, 2 a.m.
Summary
Affected SIPROTEC 5 devices contain a development shell which is accessible via a physical interface which is not properly restricted. This could allow an unauthenticated attacker with physical access to an affected device to execute arbitrary commands on the device. Siemens has released new versions for several affected products and ...
Title
SSA-693808 V1.0: Deserialization Vulnerability in Siemens Engineering Platforms
Published
Aug. 12, 2025, 2 a.m.
Summary
Affected products do not properly restrict access permissions to a local Windows Named Pipe and do not properly sanitize user-controllable input sent to that Named Pipe. This could allow a local authenticated attacker to cause a type confusion and execute arbitrary code within the affected application and its privileges. Siemens ...
Title
SSA-674084 V1.0: File Parsing Vulnerabilities in Simcenter Femap Before V2506
Published
Aug. 12, 2025, 2 a.m.
Summary
Simcenter Femap contains a file parsing vulnerability that could be triggered when the application reads files in STP or BMP file format. If a user is tricked into opening a malicious file with the affected application, this could lead the application to crash or potentially lead to arbitrary code execution. ...
Title
SSA-764417 V1.9 (Last Update: 2025-08-12): Weak Encryption Vulnerability in RUGGEDCOM ROS Devices
Published
Aug. 12, 2025, 2 a.m.
Summary
The SSH server on RUGGEDCOM ROS devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device. Siemens has released new versions for the affected ...

Last Updates

BOSCH PSIRT
14.08.2025
SIEMENS CERT
09.09.2025
US CERT
25.08.2025
US CERT (ICS)
11.09.2025
