SIEMENS CERT
05/13/2025
MS/TP Point Pickup Module devices are affected by a denial of service vulnerability that could be triggered by an attacker residing in the same BACnet network by sending a specially crafted MSTP message. A power cycle is required to restore the device’s normal operation. Siemens recommends countermeasures for products where …
SIEMENS CERT
05/13/2025
Siemens User Management Component (UMC) is affected by three vulnerabilities which could allow an unauthenticated remote attacker to cause a denial of service condition. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific …
SIEMENS CERT
05/13/2025
VersiCharge AC Series EV Chargers contain two vulnerabilities that could allow an attacker to gain control of the chargers through default Modbus port or execute arbitrary code by manipulating the M0 firmware. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens …
SIEMENS CERT
05/13/2025
Siemens Teamcenter Visualization contains a out-of-bound read vulnerability that could be triggered when the application reads files in WRL format. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution. …
SIEMENS CERT
05/13/2025
Desigo CC deployments that use Installed Client are impacted by an information disclosure vulnerability which could result in information leak from the Desigo CC server. The other Desigo CC client options, Windows App Client and Flex Client, are not affected by this vulnerability. Siemens recommends specific countermeasures for products where …
SIEMENS CERT
04/17/2025
Users of Industrial Edge Devices are advised to consult the respective Security Advisories for their devices (for Siemens Industrial Edge devices see Additional Information). Industrial Edge Device Kit contains a weak authentication vulnerability that could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Industrial Edge …
SIEMENS CERT
04/16/2025
TeleControl Server Basic before V3.1.2.2 contains multiple SQL Injection vulnerabilities that could allow an attacker to read and write to the application’s DB, cause denial of service and execute code in an OS shell with limited “NT AUTHORITY” permissions. Siemens has conducted a root-cause analysis for potential SQL injection vulnerabilities …
SIEMENS CERT
04/16/2025
Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or …