Bulletins

SIEMENS CERT
05/12/2026

SSB-295699 V1.1 (Last Update: 2026-05-12): Configuration of Microsoft Defender Antivirus for SIMATIC PCS 7 and SIMATIC PCS neo

SIEMENS CERT
05/12/2026

SSA-904646 V1.1 (Last Update: 2026-05-12): Sensitive Data Exposure Vulnerability in SIPROTEC 5 Devices

A sensitive data exposure vulnerability in SIPROTEC 5 can allow an attacker to retrieve sensitive session data from browser history, logs, or other storage mechanisms, potentially leading to unauthorized access. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available.
SIEMENS CERT
05/12/2026

SSA-265688 V2.2 (Last Update: 2026-05-12): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1

Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
SIEMENS CERT
05/12/2026

SSA-827968 V1.2 (Last Update: 2026-05-12): Vulnerability in Nozomi Guardian/CMC Before V26.2.0 on RUGGEDCOM APE1808 Devices

Nozomi Networks has published information on vulnerabilities in Nozomi Guardian/CMC. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version.
SIEMENS CERT
05/12/2026

SSA-392349 V1.0: Denial of Service Vulnerability in Industrial Devices

Multiple industrial devices contain a vulnerability that could allow an attacker to cause a denial of service condition. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are …
SIEMENS CERT
05/12/2026

SSA-001536 V1.1 (Last Update: 2026-05-12): Authorization Bypass Vulnerability in Siemens Industrial Edge Devices

Siemens Industrial Edge Devices contain an authorization bypass vulnerability that could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Siemens has released new versions for the affected products and recommends to update to the latest versions.
SIEMENS CERT
05/12/2026

SSA-280834 V1.1 (Last Update: 2026-05-12): Improper OpenVPN Credential Validation Vulnerability in SCALANCE M-800 and SC-600 Families

SCALANCE M-800 and SC-600 families are affected by improper input validation in the OpenVPN authentication. Siemens has released new versions for the affected products and recommends to update to the latest versions.
SIEMENS CERT
05/12/2026

SSA-688146 V1.0: Multiple Cross-Site Scripting Vulnerabilities in SIMATIC S7 PLCs Web Server

SIMATIC S7 PLCs contain multiple vulnerabilities in the web server that could allow an attacker to perform cross-site scripting attacks. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where …