SIEMENS CERT
05/13/2025
Users of Industrial Edge Devices are advised to consult the respective Security Advisories for their devices (for Siemens Industrial Edge devices see Additional Information). Industrial Edge Device Kit contains a weak authentication vulnerability that could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Industrial Edge …
SIEMENS CERT
05/13/2025
This advisory documents the impact of CVE-2024-3596 (also dubbed “Blastradius”), a vulnerability in the RADIUS protocol, to SIPROTEC, SICAM and related products. The vulnerability could allow on-path attackers, located between a Network Access Server (the RADIUS client, e.g., a SICAM device) and a RADIUS server, to forge Access-Request packets in …
SIEMENS CERT
05/13/2025
SCALANCE LPE9403 is affected by multiple vulnerabilities which lead to a compromise in availability, integrity and confidentiality. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
SIEMENS CERT
05/13/2025
Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version.
SIEMENS CERT
05/13/2025
SSA-301229 V1.0: Client-Side Enforcement of Server-Side Security Vulnerabilities in RUGGEDCOM ROX II
The web interface of RUGGEDCOM ROX II devices contain multiple Client-Side Enforcement of Server-Side Security vulnerabilities that could allow an attacker with a legitimate, highly privileged account on the web interface to get privileged code execution in the underlying OS of the affected products. Siemens has released new versions for …
SIEMENS CERT
05/13/2025
An information disclosure vulnerability in SIPROTEC 5 devices could allow an unauthenticated, remote attacker to retrieve sensitive information of the device. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products …
SIEMENS CERT
05/13/2025
SIRIUS 3SK2 Safety Relays and 3RK3 Modular Safety Systems only provide weak password obfuscation. An attacker with access to the PROFINET or serial interface of the device could eavesdrop or read the stored password from the device and de-obfuscate it. The safety passwords work as protection against unauthorized operation (i.e., …
SIEMENS CERT
05/13/2025
SIMATIC IPC RS-828A is affected by an authentication bypass vulnerability in the Redfish interface of its Baseboard Management Controller (BMC) that could allow an attacker to gain unauthorized access and compromise confidentiality, integrity and availability of the BMC and thus the entire system. Siemens is preparing fix versions and recommends …