SIEMENS CERT
12/09/2025
Devices based on RUGGEDCOM ROX before V2.17 contain multiple high severity vulnerabilities. Siemens has released a new version for RUGGEDCOM ROX II family and recommends to update to the latest version.
SIEMENS CERT
12/09/2025
Ruggedcom ROS devices contain a temporary denial of service vulnerability that could allow an attacker to crash and restart the device. Siemens has released new versions for the affected products and recommends to update to the latest versions.
SIEMENS CERT
12/09/2025
Multiple Industrial products are affected by a vulnerability in the Interniche IP-Stack. The affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a …
SIEMENS CERT
12/09/2025
Energy Services from Siemens (previously known as Managed Applications and Services), sell solutions using Elspec G5 devices that allows a person with physical access to the device to reset the Admin password by inserting a USB drive (containing a publicly documented reset string) into a USB port.
US CERT
12/05/2025
Summary Note: This joint Cybersecurity Advisory is being published as an addition to the Cybersecurity and Infrastructure Security Agency (CISA) May 6, 2025, joint fact sheet Primary Mitigations to Reduce Cyber Threats to Operational Technology and European Cybercrime Centre’s (EC3) Operation Eastwood, in which CISA, Federal Bureau of Investigation (FBI), …
CISA (ICS)
12/04/2025
1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : SolisCloud Equipment : Monitoring Platform (Cloud API & Device Control API) Vulnerability : Authorization Bypass Through User-Controlled Key 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access sensitive information by manipulating …
CISA (ICS)
12/04/2025
1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : MAXHUB Equipment : MAXHUB Pivot Vulnerability : Weak Password Recovery Mechanism for Forgotten Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to request a password reset and gain unauthorized access to …
CISA (ICS)
12/04/2025
1. EXECUTIVE SUMMARY CVSS v4 6.8 ATTENTION : Low attack complexity Vendor : Mitsubishi Electric Equipment : GX Works2 Vulnerability : Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could open project files protected by user authentication using disclosed credential information, and obtain or modify …