SIEMENS CERT
04/16/2025
Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or …
SIEMENS CERT
04/16/2025
TeleControl Server Basic before V3.1.2.2 contains a Improper Handling of Length Parameter Inconsistency Vulnerability that could allow an attacker to cause the application to allocate exhaustive amounts of memory and subsequently create a denial of service condition. Siemens has released a new version for TeleControl Server Basic and recommends to …
SIEMENS CERT
04/16/2025
Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or …
SIEMENS CERT
04/16/2025
TeleControl Server Basic before V3.1.2.2 contains multiple SQL Injection vulnerabilities that could allow an attacker to read and write to the application’s DB, cause denial of service and execute code in an OS shell with limited “NT AUTHORITY” permissions. Siemens has conducted a root-cause analysis for potential SQL injection vulnerabilities …
CISA (ICS)
04/15/2025
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Delta Electronics Equipment : COMMGR Vulnerability : Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) 2. RISK EVALUATION Successful exploitation of this vulnerability could allow for an attacker to remotely access the AS3000Simulator family in the …
CISA (ICS)
04/15/2025
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Lantronix Equipment : Xport Vulnerability : Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker unauthorized access to the configuration interface and cause disruption to monitoring and operations. …
CISA (ICS)
04/15/2025
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Europe B.V. Equipment : smartRTU Vulnerability : Missing Authentication for Critical Function, OS Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote unauthenticated attacker to disclose, tamper with, destroy …
CISA (ICS)
04/15/2025
1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : ABB Equipment : M2M Gateway Vulnerabilities : Integer Overflow or Wraparound, Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'), Unquoted Search Path or Element, Untrusted Search Path, Use After Free, Out-of-bounds Write, Buffer Copy without Checking …