US CERT
06/12/2025
Summary The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this advisory in response to ransomware actors leveraging unpatched instances of a vulnerability in SimpleHelp Remote Monitoring and Management (RMM) to compromise customers of a utility billing software provider. This incident reflects a broader pattern of ransomware actors targeting organizations …
SIEMENS CERT
06/12/2025
The Mendix OIDC SSO module grants read and write access to all tokens exclusively to the Administrator role and could result in privilege misuse by an adversary modifying the module during Mendix development. Siemens has released new versions for several affected products and recommends to update to the latest versions. …
SIEMENS CERT
06/12/2025
SSA-627195 V1.0: Zip Path Traversal Vulnerability in Mendix Studio Pro's Module Installation Process
Mendix Studio Pro contains a vulnerability in the module installation process, that could allow an attacker to write or modify arbitrary files in directories outside a developer’s project directory. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further …
BOSCH PSIRT
06/10/2025
BOSCH-SA-992447-BT: A security vulnerability has been uncovered in the REST API of the Telex Remote Dispatch Console Server and the RTS VLink Virtual Matrix Software. The vulnerability will allow a Remote Code Execution (RCE) attack. All versions < 1.3.0 of the Telex Remote Dispatch Console Server are affected by this …
SIEMENS CERT
06/10/2025
Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version of Fortigate NGFW for RUGGEDCOM APE1808 and recommends to update to the latest version. Siemens recommends to consult and implement the workarounds provided in Fortinet’s upstream security notifications.
SIEMENS CERT
06/10/2025
The SSO login service in Teamcenter contains an open redirect vulnerability that could allow an attacker to redirect the legitimate user to an attacker-chosen URL to steal valid session data. Siemens has released new versions for the affected products and recommends to update to the latest versions.
SIEMENS CERT
06/10/2025
This advisory documents the impact of CVE-2024-3596 (also dubbed “Blastradius”), a vulnerability in the RADIUS protocol, to SCALANCE, RUGGEDCOM and related products. The vulnerability could allow on-path attackers, located between a Network Access Server (the RADIUS client, e.g., SCALANCE or RUGGEDCOM devices) and a RADIUS server (e.g., SINEC INS), to …
SIEMENS CERT
06/10/2025
Several Industrial Communication Devices based on SINEC OS before V3.2 contain multiple vulnerabilities that could allow an attacker to circumvent authorization checks and perform actions that exceed the permissions of the “guest” role. Siemens has released new versions for the affected products and recommends to update to the latest versions.