SIEMENS CERT
08/12/2025
Affected products do not properly sanitize user-controllable input when parsing project files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing …
SIEMENS CERT
08/12/2025
The SSH server on RUGGEDCOM ROS devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device. Siemens has released new versions for the affected …
SIEMENS CERT
08/12/2025
Siemens has released a new version for SIMATIC RTLS Locating Manager and recommends to update to the latest version.
SIEMENS CERT
08/12/2025
Affected products do not properly restrict access permissions to a local Windows Named Pipe and do not properly sanitize user-controllable input sent to that Named Pipe. This could allow a local authenticated attacker to cause a type confusion and execute arbitrary code within the affected application and its privileges. Siemens …
SIEMENS CERT
08/12/2025
Siemens BFCClient contains multiple vulnerabilities in the integrated OpenSSL component that could allow an attacker to read memory contents, to change the application behaviour or to create a denial of service condition. Siemens has released a new version for BFCClient and recommends to update to the latest version.
SIEMENS CERT
08/12/2025
A vulnerability in TIA Project Server and TIA Portal could allow an attacker to cause a denial of service condition. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes …
SIEMENS CERT
08/12/2025
RUGGEDCOM ROS-based devices are vulnerable to a denial of service attack (Slowloris). By sending partial HTTP requests nonstop, with none completed, the affected web servers will be waiting for the completion of each request, occupying all available HTTP connections. The web server recovers by itself once the attack ends. Siemens …
SIEMENS CERT
08/12/2025
A denial of service vulnerability could allow an unauthorized attacker to cause total loss of availability in the web server of the affected devices. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are …