Bulletins

SIEMENS CERT
05/23/2025

SSA-367714 V1.0: Improper Integrity Check of Firmware Updates in SiPass integrated AC5102 / ACC-G2 and ACC-AP

SiPass integrated ACC (Advanced Central Controller) devices do not properly check the integrity of firmware updates. This could allow an attacker to upload a maliciously modified firmware onto the device. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
SIEMENS CERT
05/22/2025

SSA-726617 V1.1 (Last Update: 2025-05-22): Incorrect Privilege Assignment Vulnerability in Mendix OIDC SSO Module

The Mendix OIDC SSO module grants read and write access to all tokens exclusively to the Administrator role and could result in privilege misuse by an adversary modifying the module during Mendix development. Siemens has released a new version for Mendix OIDC SSO (Mendix 10 compatible) and recommends to update …
SIEMENS CERT
05/14/2025

SSA-556937 V1.1 (Last Update: 2025-05-14): Multiple Vulnerabilities in VersiCharge AC Series EV Chargers

VersiCharge AC Series EV Chargers contain two vulnerabilities that could allow an attacker to gain control of the chargers through default Modbus port or execute arbitrary code by manipulating the M0 firmware. Siemens recommends countermeasures for products where fixes are not, or not yet available.
SIEMENS CERT
05/14/2025

SSA-552330 V1.0: System Configuration Password Reset in Siveillance Video V2024 R1

The installer of Siveillance Video V2024 R1 resets the system configuration password when updating from older versions of Siveillance Video. This could inadvertently remove the password protection from system configuration files, also affecting backup data sets that were created after the update to V2024 R1. Siemens recommends to change the …
SIEMENS CERT
05/13/2025

SSA-726617 V1.0: Incorrect Privilege Assignment Vulnerability in Mendix OIDC SSO Module

The Mendix OIDC SSO module grants read and write access to all tokens exclusively to the Administrator role and could result in privilege misuse by an adversary modifying the module during Mendix development. Siemens has released a new version for Mendix OIDC SSO and recommends to update to the latest …
SIEMENS CERT
05/13/2025

SSA-718393 V1.0: Partial Denial of Service Vulnerability in APOGEE PXC and TALON TC Series (BACnet) Devices

APOGEE PXC and TALON TC Series (BACnet) Devices devices start sending unsolicited BACnet broadcast messages after processing a specific BACnet createObject request. This could allow an attacker residing in the same BACnet network to send a specially crafted message that results in a partial denial of service condition of the …
SIEMENS CERT
05/13/2025

SSA-767615 V1.3 (Last Update: 2025-05-13): Information Disclosure Vulnerability in SIPROTEC 5 Devices

An information disclosure vulnerability in SIPROTEC 5 devices could allow an unauthenticated, remote attacker to retrieve sensitive information of the device. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products …
SIEMENS CERT
05/13/2025

SSA-673996 V1.2 (Last Update: 2025-05-13): Buffer Overflow Vulnerability in Third-Party Component in SICAM and SITIPE Products

Multiple SICAM products are affected by buffer overflow vulnerability in the IEC 61850 Client libraries from Triangle MicroWorks that could allow an unauthenticated remote attacker to create a denial of service condition by sending specially crafted MMS messages. Affected SICAM and SITIPE products: SICAM A8000 Device firmware ET85 for CP-8000/CP-8021/CP-8022 …