CISA (ICS)
11/13/2025
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v4 …
CISA (ICS)
11/13/2025
1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Verve Asset Manager Vulnerability: Incorrect Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker accessing or altering user data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Verve …
CISA (ICS)
11/13/2025
1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk Policy Manager Vulnerability : Improper Resource Shutdown or Release 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to resource exhaustion and denial of service. 3. TECHNICAL DETAILS 3.1 AFFECTED …
CISA (ICS)
11/13/2025
1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk DataMosaix Private Cloud Vulnerabilities : Weak Authentication, Improper Encoding or Escaping of Output 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to take over accounts, steal credentials, …
CISA (ICS)
11/13/2025
1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION : Low attack complexity Vendor : AVEVA Equipment : Edge Vulnerability : Use of a Broken or Risky Cryptographic Algorithm 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to reverse engineer passwords through brute force. 3. TECHNICAL DETAILS …
SIEMENS CERT
11/11/2025
Affected SIPROTEC 5 devices do not properly limit the access of the web server to the filesystem. This could allow an authenticated remote attacker to read arbitrary files or the entire filesystem of the device. Siemens has released new versions for the affected products and recommends to update to the …
SIEMENS CERT
11/11/2025
Multiple vulnerabilities has been identified in Siemens SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs that can allow an authenticated attacker to alter the secure boot and password configurations. Siemens has released new versions of BIOS for several affected products and recommends to update to the latest versions. Siemens …
SIEMENS CERT
11/11/2025
The web server of SICAM P850 and SICAM P855 devices, versions before V3.11, contains a Cross Site Request Forgery (CSRF) vulnerability and is missing cookie protection flags. This could allow an attacker to perform arbitrary actions on the device on behalf of a legitimate user, or impersonate that user. Siemens …