September 2025
11.09.2025
US CERT (ICS)
Siemens Industrial Edge Management OS (IEM-OS)
Title
Siemens Industrial Edge Management OS (IEM-OS)
Published
Sept. 11, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-06
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
11.09.2025
US CERT (ICS)
Schneider Electric Modicon M340, BMXNOE0100, and BMXNOE0110
Title
Schneider Electric Modicon M340, BMXNOE0100, and BMXNOE0110
Published
Sept. 11, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-09
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M340, BMXNOE0100, and BMXNOE0110 Vulnerability: Files or Directories Accessible to External Parties 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to prevent firmware updates and disrupt the webserver's proper ...
11.09.2025
US CERT (ICS)
Siemens Apogee PXC and Talon TC Devices
Title
Siemens Apogee PXC and Talon TC Devices
Published
Sept. 11, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-05
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
11.09.2025
US CERT (ICS)
Daikin Security Gateway
Title
Daikin Security Gateway
Published
Sept. 11, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-10
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Daikin Equipment: Security Gateway Vulnerability: Weak Password Recovery Mechanism for Forgotten Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to the system. 3. TECHNICAL ...
11.09.2025
US CERT (ICS)
Siemens SIMATIC Virtualization as a Service (SIVaaS)
Title
Siemens SIMATIC Virtualization as a Service (SIVaaS)
Published
Sept. 11, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-02
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
11.09.2025
US CERT (ICS)
Siemens SINAMICS Drives
Title
Siemens SINAMICS Drives
Published
Sept. 11, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-03
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
11.09.2025
US CERT (ICS)
Siemens SIMOTION Tools
Title
Siemens SIMOTION Tools
Published
Sept. 11, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-01
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
09.09.2025
US CERT (ICS)
Rockwell Automation 1783-NATR
Title
Rockwell Automation 1783-NATR
Published
Sept. 9, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-09
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 1783-NATR Vulnerability: Use of Platform-Dependent Third Party Components 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a memory corruption on the product. 3. TECHNICAL DETAILS 3.1 AFFECTED ...
09.09.2025
US CERT (ICS)
ABB Cylon Aspect BMS/BAS
Title
ABB Cylon Aspect BMS/BAS
Published
Sept. 9, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-02
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: ASPECT, NEXUS, MATRIX Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Missing Authentication for Critical Function, Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to assume ...
09.09.2025
US CERT (ICS)
Rockwell Automation FactoryTalk Optix
Title
Rockwell Automation FactoryTalk Optix
Published
Sept. 9, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-04
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: FactoryTalk Optix Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker achieving remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of FactoryTalk Optix, ...
09.09.2025
US CERT (ICS)
Rockwell Automation Analytics LogixAI
Title
Rockwell Automation Analytics LogixAI
Published
Sept. 9, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-08
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable from an adjacent network/low attack complexity Vendor: Rockwell Automation Equipment: Analytics LogixAI Vulnerability: Exposure of Sensitive System Information to an Unauthorized Control Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access sensitive information. 3. ...
09.09.2025
US CERT (ICS)
Rockwell Automation CompactLogix® 5480
Title
Rockwell Automation CompactLogix® 5480
Published
Sept. 9, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-06
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: CompactLogix® 5480 Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could result in arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of CompactLogix® 5480 ...
09.09.2025
US CERT (ICS)
Rockwell Automation Stratix IOS
Title
Rockwell Automation Stratix IOS
Published
Sept. 9, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-03
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Stratix IOS Vulnerability: Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to run malicious configurations without authentication. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Stratix ...
09.09.2025
US CERT (ICS)
Rockwell Automation ControlLogix 5580
Title
Rockwell Automation ControlLogix 5580
Published
Sept. 9, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-252-07
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix 5580 Vulnerability: NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a major nonrecoverable fault on the controller. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version ...
04.09.2025
US CERT (ICS)
Honeywell OneWireless Wireless Device Manager (WDM)
Title
Honeywell OneWireless Wireless Device Manager (WDM)
Published
Sept. 4, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-247-01
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: OneWireless Wireless Device Manager (WDM) Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Sensitive Information in Resource Not Removed Before Reuse, Integer Underflow (Wrap or Wraparound), Deployment of Wrong Handler ...
02.09.2025
US CERT (ICS)
SunPower PVS6
Title
SunPower PVS6
Published
Sept. 2, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-245-03
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable from an adjacent network/low attack complexity Vendor: SunPower Equipment: PVS6 Vulnerability: Use of Hard-Coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to gain full access to the device, enabling them to replace firmware, modify settings, ...
02.09.2025
US CERT (ICS)
Fuji Electric FRENIC-Loader 4
Title
Fuji Electric FRENIC-Loader 4
Published
Sept. 2, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-245-02
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: FRENIC-Loader 4 Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Fuji Electric products ...
02.09.2025
US CERT (ICS)
Delta Electronics EIP Builder
Title
Delta Electronics EIP Builder
Published
Sept. 2, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-245-01
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.7 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: EIP Builder Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to potentially process dangerous external entities, resulting in disclosure of sensitive information. ...
August 2025
28.08.2025
US CERT (ICS)
Schneider Electric Saitel DR & Saitel DP Remote Terminal Unit
Title
Schneider Electric Saitel DR & Saitel DP Remote Terminal Unit
Published
Aug. 28, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-240-03
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: Saitel DR RTU, Saitel DP RTU Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to escalate privileges, potentially leading to arbitrary code execution. 3. TECHNICAL ...
28.08.2025
US CERT (ICS)
GE Vernova CIMPLICITY
Title
GE Vernova CIMPLICITY
Published
Aug. 28, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-240-06
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: GE Vernova Equipment: CIMPLICITY Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a low-privileged local attacker to escalate privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of GE ...
26.08.2025
US CERT (ICS)
Schneider Electric Modicon M340 Controller and Communication Modules
Title
Schneider Electric Modicon M340 Controller and Communication Modules
Published
Aug. 26, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-238-03
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M340 and Communication Modules Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider ...
26.08.2025
US CERT (ICS)
INVT VT-Designer and HMITool
Title
INVT VT-Designer and HMITool
Published
Aug. 26, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-238-01
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: INVT Equipment: VT-Designer and HMITool Vulnerabilities: Out-of-bounds Write, Access of Resource Using Incompatible Type ('Type Confusion') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to execute arbitrary code in the context of the current ...
21.08.2025
US CERT (ICS)
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU Module
Title
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU Module
Published
Aug. 21, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-233-01
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC iQ-F Series CPU module Vulnerability: Improper Handling of Length Parameter Inconsistency 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a remote attacker being able to delay the processing ...
21.08.2025
US CERT (ICS)
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU Module (Update A)
Title
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU Module (Update A)
Published
Aug. 21, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-233-01
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC iQ-F Series CPU module Vulnerability: Improper Handling of Length Parameter Inconsistency 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a remote attacker being able to delay the processing ...
19.08.2025
US CERT (ICS)
Siemens Desigo CC Product Family and SENTRON Powermanager
Title
Siemens Desigo CC Product Family and SENTRON Powermanager
Published
Aug. 19, 2025, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-231-01
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...

Last Updates

BOSCH PSIRT
14.08.2025
SIEMENS CERT
09.09.2025
US CERT
25.08.2025
US CERT (ICS)
11.09.2025

By Source

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds