SIEMENS CERT
06/10/2025
Palo Alto Networks has published [1] information on cross-site scripting vulnerability in PAN-OS. This advisory lists the related Siemens Industrial products affected by this vulnerability. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available. Customers are advised to consult and implement …
SIEMENS CERT
06/10/2025
TIM 4R-IE devices contain multiple vulnerabilities in the integrated NTP component as listed below. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.
SIEMENS CERT
06/10/2025
Siemens Energy Services (previously known as Managed Applications and Services), sell solutions using Elspec G5 Digital Fault Recorder which contains default credentials with admin privileges. A client configuration with remote access could allow an attacker to gain remote control of the G5DFR component and tamper outputs from the device.
SIEMENS CERT
06/10/2025
Several Industrial Communication Devices based on SINEC OS before V3.2 contain multiple vulnerabilities that could allow an attacker to circumvent authorization checks and perform actions that exceed the permissions of the “guest” role. Siemens has released new versions for the affected products and recommends to update to the latest versions.
SIEMENS CERT
06/10/2025
The SSO login service in Teamcenter contains an open redirect vulnerability that could allow an attacker to redirect the legitimate user to an attacker-chosen URL to steal valid session data. Siemens has released new versions for the affected products and recommends to update to the latest versions.
SIEMENS CERT
06/10/2025
Several Industrial Communication Devices based on SINEC OS before V3.1 contain an incorrect authorization check vulnerability that could allow an attacker to perform actions that exceed the permissions of the “guest” role. Siemens has released new versions for the affected products and recommends to update to the latest versions.
SIEMENS CERT
06/10/2025
A vulnerability in SIRIUS 3RV2921-5M could allow an attacker to cause a denial of service condition. Siemens has released a new version for SIRIUS 3RV2921-5M and recommends to update to the latest version.
SIEMENS CERT
06/10/2025
The web interface of RUGGEDCOM ROX II devices contain multiple Client-Side Enforcement of Server-Side Security vulnerabilities that could allow an attacker with a legitimate, highly privileged account on the web interface to get privileged code execution in the underlying OS of the affected products. Siemens has released new versions for …