August 2025
12.08.2025
SIEMENS CERT
SSA-978177 V1.0: Vulnerability in Nozomi Guardian/CMC on RUGGEDCOM APE1808 Devices
Title
SSA-978177 V1.0: Vulnerability in Nozomi Guardian/CMC on RUGGEDCOM APE1808 Devices
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-978177.html
Summary
Nozomi Networks has published information on vulnerabilities in Nozomi Guardian/CMC. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available.
12.08.2025
SIEMENS CERT
SSA-894058 V1.0: Improper Bandwidth Limitation of Network Packets Over Local USB Port Vulnerability in SIPROTEC 5
Title
SSA-894058 V1.0: Improper Bandwidth Limitation of Network Packets Over Local USB Port Vulnerability in SIPROTEC 5
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-894058.html
Summary
Affected SIPROTEC 5 devices do not properly limit the bandwidth for incoming network packets over their local USB port. This could allow an attacker with physical access to send specially crafted packets with high bandwidth to the affected devices thus forcing them to exhaust their memory and stop responding to ...
12.08.2025
SIEMENS CERT
SSA-908185 V1.2 (Last Update: 2025-08-12): Mirror Port Isolation Vulnerability in RUGGEDCOM ROS Devices
Title
SSA-908185 V1.2 (Last Update: 2025-08-12): Mirror Port Isolation Vulnerability in RUGGEDCOM ROS Devices
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-908185.html
Summary
A vulnerability was identified in RUGGEDCOM ROS devices with mirror port enabled, that could allow an attacker to inject information into the network via the mirror port. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products ...
12.08.2025
SIEMENS CERT
SSA-914892 V1.1 (Last Update: 2025-08-12): Race Condition Vulnerability in Basic Authentication Implementation of Mendix Runtime
Title
SSA-914892 V1.1 (Last Update: 2025-08-12): Race Condition Vulnerability in Basic Authentication Implementation of Mendix Runtime
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-914892.html
Summary
The basic authentication mechanism of Mendix Runtime contains a race condition vulnerability which could allow unauthenticated remote attackers to circumvent default account lockout measures. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are ...
12.08.2025
SIEMENS CERT
SSA-382999 V1.0: Multiple Vulnerabilities in Opcenter Quality Before V2506
Title
SSA-382999 V1.0: Multiple Vulnerabilities in Opcenter Quality Before V2506
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-382999.html
Summary
The Opcenter Quality is affected by multiple vulnerabilities in the SmartClient modules Opcenter QL Home (SC), SOA Audit and SOA Cockpit. Siemens has released new versions for the affected products and recommends to update to the latest versions.
12.08.2025
SIEMENS CERT
SSA-770770 V1.6 (Last Update: 2025-08-12): Multiple Vulnerabilities in Fortigate NGFW Before V7.4.7 on RUGGEDCOM APE1808 Devices
Title
SSA-770770 V1.6 (Last Update: 2025-08-12): Multiple Vulnerabilities in Fortigate NGFW Before V7.4.7 on RUGGEDCOM APE1808 Devices
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-770770.html
Summary
Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version.
12.08.2025
SIEMENS CERT
SSA-355557 V1.0: Multiple Vulnerabilities in Third-Party Components in SINEC OS before V3.2
Title
SSA-355557 V1.0: Multiple Vulnerabilities in Third-Party Components in SINEC OS before V3.2
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-355557.html
Summary
SINEC OS before V3.2 contains third-party components with multiple vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions.
12.08.2025
SIEMENS CERT
SSA-353002 V1.2 (Last Update: 2025-08-12): Multiple Vulnerabilities in SCALANCE XB-200 / XC-200 / XP-200 / XF-200BA / XR-300WG ...
Title
SSA-353002 V1.2 (Last Update: 2025-08-12): Multiple Vulnerabilities in SCALANCE XB-200 / XC-200 / XP-200 / XF-200BA / XR-300WG Family
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-353002.html
Summary
SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG Family is affected by multiple vulnerabilities. CVE-2023-44318 and CVE-2023-44321 were previously published as part of SSA-699386. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where fixes are not, or not yet available.
12.08.2025
SIEMENS CERT
SSA-840800 V1.5 (Last Update: 2025-08-12): Code Injection Vulnerability in RUGGEDCOM ROS
Title
SSA-840800 V1.5 (Last Update: 2025-08-12): Code Injection Vulnerability in RUGGEDCOM ROS
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-840800.html
Summary
RUGGEDCOM ROS-based devices are vulnerable to a web-based code injection attack. To execute this attack, it is necessary to access the system via the Command Line Interface (CLI). Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for ...
12.08.2025
SIEMENS CERT
SSA-856721 V1.3 (Last Update: 2025-08-12): Vulnerability in RUGGEDCOM Discovery Protocol (RCDP) of Industrial Communication Dev...
Title
SSA-856721 V1.3 (Last Update: 2025-08-12): Vulnerability in RUGGEDCOM Discovery Protocol (RCDP) of Industrial Communication Devices
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-856721.html
Summary
The RUGGEDCOM RCDP protocol is not properly configured after commissioning of RUGGEDCOM ROS based devices and some SCALANCE X switch models and could allow unauthenticated remote users to perform administrative operations. An attacker must be in the same adjacent network and the RCDP daemon must be enabled in order to ...
12.08.2025
SIEMENS CERT
SSA-770902 V1.2 (Last Update: 2025-08-12): Denial of Service Vulnerability in the Web Server of RUGGEDCOM ROS Devices
Title
SSA-770902 V1.2 (Last Update: 2025-08-12): Denial of Service Vulnerability in the Web Server of RUGGEDCOM ROS Devices
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-770902.html
Summary
A denial of service vulnerability could allow an unauthorized attacker to cause total loss of availability in the web server of the affected devices. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are ...
12.08.2025
SIEMENS CERT
SSA-787941 V1.5 (Last Update: 2025-08-12): Denial of Service Vulnerability in RUGGEDCOM ROS devices
Title
SSA-787941 V1.5 (Last Update: 2025-08-12): Denial of Service Vulnerability in RUGGEDCOM ROS devices
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-787941.html
Summary
RUGGEDCOM ROS-based devices are vulnerable to a denial of service attack (Slowloris). By sending partial HTTP requests nonstop, with none completed, the affected web servers will be waiting for the completion of each request, occupying all available HTTP connections. The web server recovers by itself once the attack ends. Siemens ...
12.08.2025
SIEMENS CERT
SSA-674084 V1.0: File Parsing Vulnerabilities in Simcenter Femap Before V2506
Title
SSA-674084 V1.0: File Parsing Vulnerabilities in Simcenter Femap Before V2506
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-674084.html
Summary
Simcenter Femap contains a file parsing vulnerability that could be triggered when the application reads files in STP or BMP file format. If a user is tricked to open a malicious file with the affected application, this could lead the application to crash or potentially lead to arbitrary code execution. ...
12.08.2025
SIEMENS CERT
SSA-082556 V1.1 (Last Update: 2025-08-12): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 151...
Title
SSA-082556 V1.1 (Last Update: 2025-08-12): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1.5
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-082556.html
Summary
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version V3.1.5 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant). Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available.
12.08.2025
SIEMENS CERT
SSA-707630 V1.0: Multiple Vulnerabilities in SIMATIC RTLS Locating Manager Before V3.3
Title
SSA-707630 V1.0: Multiple Vulnerabilities in SIMATIC RTLS Locating Manager Before V3.3
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-707630.html
Summary
Siemens has released a new version for SIMATIC RTLS Locating Manager and recommends to update to the latest version.
12.08.2025
SIEMENS CERT
SSA-028723 V1.0: Multiple OpenSSL Vulnerabilities in BFCClient Before V2.17
Title
SSA-028723 V1.0: Multiple OpenSSL Vulnerabilities in BFCClient Before V2.17
Published
Aug. 12, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-028723.html
Summary
Siemens BFCClient contains multiple vulnerabilities in the integrated OpenSSL component that could allow an attacker to read memory contents, to change the application behaviour or to create a denial of service condition. Siemens has released a new version for BFCClient and recommends to update to the latest version.
July 2025
21.07.2025
SIEMENS CERT
SSA-725549 V1.3 (Last Update: 2025-07-21): Denial of Service of ICMP in Industrial Devices
Title
SSA-725549 V1.3 (Last Update: 2025-07-21): Denial of Service of ICMP in Industrial Devices
Published
July 21, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-725549.html
Summary
A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions. The integrated ICMP services in the underlying TCP/IP stack is vulnerable to a denial of service attack through specially crafted ICMP packets. A successful attack will impact the availability ...
18.07.2025
SIEMENS CERT
SSA-183963 V1.1 (Last Update: 2025-07-18): Certificate Validation Vulnerabilities in SICAM TOOLBOX II Before V07.11
Title
SSA-183963 V1.1 (Last Update: 2025-07-18): Certificate Validation Vulnerabilities in SICAM TOOLBOX II Before V07.11
Published
July 18, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-183963.html
Summary
During establishment of a https connection to the TLS server of a managed device, SICAM TOOLBOX II improperly validates that device’s certificate. This could allow an attacker to execute an on-path network (MitM) attack. Siemens has released a new version for SICAM TOOLBOX II and recommends to update to the ...
10.07.2025
SIEMENS CERT
SSA-725549 V1.2 (Last Update: 2025-07-10): Denial of Service of ICMP in Industrial Devices
Title
SSA-725549 V1.2 (Last Update: 2025-07-10): Denial of Service of ICMP in Industrial Devices
Published
July 10, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-725549.html
Summary
A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions. The integrated ICMP services in the underlying TCP/IP stack is vulnerable to a denial of service attack through specially crafted ICMP packets. A successful attack will impact the availability ...
08.07.2025
SIEMENS CERT
SSA-183963 V1.0: Certificate Validation Vulnerabilities in SICAM TOOLBOX II Before V07.11
Title
SSA-183963 V1.0: Certificate Validation Vulnerabilities in SICAM TOOLBOX II Before V07.11
Published
July 8, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-183963.html
Summary
During establishment of a https connection to the TLS server of a managed device, SICAM TOOLBOX II improperly validates that device’s certificate. This could allow an attacker to execute an on-path network (MitM) attack. Siemens has released a new version for SICAM TOOLBOX II and recommends to update to the ...
08.07.2025
SIEMENS CERT
SSA-904646 V1.0: Sensitive Data Exposure Vulnerability in SIPROTEC 5 Devices
Title
SSA-904646 V1.0: Sensitive Data Exposure Vulnerability in SIPROTEC 5 Devices
Published
July 8, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-904646.html
Summary
A sensitive data exposure vulnerability in SIPROTEC 5 can allow an attacker to retrieve sensitive session data from browser history, logs, or other storage mechanisms, potentially leading to unauthorized access. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available.
08.07.2025
SIEMENS CERT
SSA-091753 V1.0: Multiple Vulnerabilities in Solid Edge Before SE2025 Update 5
Title
SSA-091753 V1.0: Multiple Vulnerabilities in Solid Edge Before SE2025 Update 5
Published
July 8, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-091753.html
Summary
Solid Edge is affected by multiple file parsing vulnerabilities that could be triggered when the application reads specially crafted files in various formats such as PAR or CFG format. This could allow an attacker to crash the application or execute arbitrary code. Siemens has released a new version for Solid ...
08.07.2025
SIEMENS CERT
SSA-327438 V1.1 (Last Update: 2025-07-08): Multiple Vulnerabilities in SCALANCE LPE9403
Title
SSA-327438 V1.1 (Last Update: 2025-07-08): Multiple Vulnerabilities in SCALANCE LPE9403
Published
July 8, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-327438.html
Summary
SCALANCE LPE9403 is affected by multiple vulnerabilities which lead to a compromise in availability, integrity and confidentiality. Siemens has released a new version for SCALANCE LPE9403 and recommends to update to the latest version. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, ...
08.07.2025
SIEMENS CERT
SSA-876787 V1.8 (Last Update: 2025-07-08): Open Redirect Vulnerability in SIMATIC S7-1500 and S7-1200 CPUs
Title
SSA-876787 V1.8 (Last Update: 2025-07-08): Open Redirect Vulnerability in SIMATIC S7-1500 and S7-1200 CPUs
Published
July 8, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-876787.html
Summary
Several SIMATIC S7-1500 and S7-1200 CPU versions are affected by an open redirect vulnerability that could allow an attacker to make the web server of affected devices redirect a legitimate user to an attacker-chosen URL. For a successful attack, the legitimate user must actively click on an attacker-crafted link. Siemens ...
08.07.2025
SIEMENS CERT
SSA-265688 V1.7 (Last Update: 2025-07-08): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP ...
Title
SSA-265688 V1.7 (Last Update: 2025-07-08): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1
Published
July 8, 2025, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
Summary
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.

Last Updates

BOSCH PSIRT
14.08.2025
SIEMENS CERT
09.09.2025
US CERT
25.08.2025
US CERT (ICS)
11.09.2025

By Source

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds