SIEMENS CERT
11/11/2025
The web server of SICAM P850 and SICAM P855 devices, versions before V3.11, contains a Cross Site Request Forgery (CSRF) vulnerability and is missing cookie protection flags. This could allow an attacker to perform arbitrary actions on the device on behalf of a legitimate user, or impersonate that user. Siemens …
SIEMENS CERT
11/11/2025
SICAM GridEdge contains an improper access control vulnerability. This could allow persons with local access to the host system to inject an SSH key. Siemens has released a new version for SICAM GridEdge (Classic) and recommends to update to the latest version.
SIEMENS CERT
11/11/2025
COMOS is affected by two vulnerabilities that could allow an attacker to execute arbitrary code or lead to data infiltration. Siemens has released a new version for COMOS and recommends to update to the latest version.
SIEMENS CERT
11/11/2025
Multiple vulnerabilities were identified in the web server of the SICAM GridEdge application which includes missing authentication for critical API functions, absent cross-origin resource sharing restrictions and access to credentials. Siemens has released a new version for SICAM GridEdge (Classic) and recommends to update to the latest version.
SIEMENS CERT
11/11/2025
Solid Edge is affected by improper certificate validation while connecting to License Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks. Siemens has released a new version for Solid Edge SE2025 and recommends to update to the latest version.
SIEMENS CERT
11/11/2025
The Mendix OIDC SSO module grants read and write access to all tokens exclusively to the Administrator role and could result in privilege misuse by an adversary modifying the module during Mendix development. Siemens has released new versions for the affected products and recommends to update to the latest versions.
SIEMENS CERT
11/11/2025
Devices of the SIPROTEC 5 family contain a vulnerability related to secure client-initiated renegotiation. This could allow an unauthenticated attacker to cause a denial of service condition for the duration of the attack. Siemens has released new versions for several affected products and recommends to update to the latest versions. …
SIEMENS CERT
11/11/2025
The installers used to install several Siemens products are affected by a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected installer component. This vulnerability poses a risk only during setup and installation phase of the …