SIEMENS CERT
07/08/2025
Mendix Studio Pro contains a vulnerability in the module installation process, that could allow an attacker to write or modify arbitrary files in directories outside a developer’s project directory. Siemens has released new versions for the affected products and recommends to update to the latest versions.
SIEMENS CERT
07/08/2025
SENTRON Powermanager and Desigo CC devices are not affected by a remote code execution vulnerability in Apache Tomcat that can be triggered via a partial PUT request due to a path equivalence issue. It could allow a remote attacker to execute arbitrary code, disclose sensitive information, or inject malicious content.
SIEMENS CERT
07/08/2025
A sensitive data exposure vulnerability in SIPROTEC 5 can allow an attacker to retrieve sensitive session data from browser history, logs, or other storage mechanisms, potentially leading to unauthorized access. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available.
SIEMENS CERT
07/08/2025
Several SIMATIC S7-1500 and S7-1200 CPU versions are affected by an open redirect vulnerability that could allow an attacker to make the web server of affected devices redirect a legitimate user to an attacker-chosen URL. For a successful attack, the legitimate user must actively click on an attacker-crafted link. Siemens …
SIEMENS CERT
07/08/2025
Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens Industrial products. Siemens is preparing fix versions and recommends to consult and implement the workarounds provided in Fortinet’s upstream security notifications.
SIEMENS CERT
07/08/2025
During establishment of a https connection to the TLS server of a managed device, SICAM TOOLBOX II improperly validates that device’s certificate. This could allow an attacker to execute an on-path network (MitM) attack. Siemens has released a new version for SICAM TOOLBOX II and recommends to update to the …
SIEMENS CERT
07/08/2025
Solid Edge is affected by multiple file parsing vulnerabilities that could be triggered when the application reads specially crafted files in various formats such as PAR or CFG format. This could allow an attacker to crash the application or execute arbitrary code. Siemens has released a new version for Solid …
SIEMENS CERT
07/08/2025
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.