BOSCH PSIRT
11/19/2025
BOSCH-SA-359440-BT: A security issue has been identified in the Bosch MAP 5000 family of products, which stems from the use of insecure cryptographic algorithms in the SSH service configuration. It may expose systems to cryptographic attacks, unauthorized access, or data leakage.
CISA (ICS)
11/18/2025
1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low attack complexity Vendor: Shelly Equipment: Pro 4PM Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Pro 4PM, a …
CISA (ICS)
11/18/2025
1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low attack complexity Vendor: Shelly Equipment: Pro 3EM Vulnerability: Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Pro 3EM, a smart DIN rail switch, is …
CISA (ICS)
11/18/2025
1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION : Low Attack Complexity Vendor : Schneider Electric Equipment : EcoStruxure Machine SCADA Expert & Pro-face BLUE Open Studio Vulnerability : Use of a Broken or Risky Cryptographic Algorithm 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to loss of confidentiality …
CISA (ICS)
11/18/2025
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Exploitable remotely/Low attack complexity Vendor : Schneider Electric Equipment : PowerChute Serial Shutdown Vulnerabilities : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Restriction of Excessive Authentication Attempts, Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of these …
CISA (ICS)
11/18/2025
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : METZ CONNECT Equipment : EWIO2 Vulnerabilities : Authentication Bypass by Primary Weakness, Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion'), Unrestricted Upload of File with Dangerous Type, Path Traversal: '.../...//', …
SIEMENS CERT
11/17/2025
Mendix RichText editor contain a cross-site scripting vulnerability. Siemens has released a new version for Mendix RichText and recommends to update to the latest version.
SIEMENS CERT
11/17/2025
Nozomi Networks has published information on vulnerabilities in Nozomi Guardian/CMC. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version.