CISA (ICS)
10/16/2025
1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk ViewPoint Vulnerability : Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthenticated attackers to achieve XML external entity injection, resulting in a …
CISA (ICS)
10/14/2025
1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : 1715 EtherNet/IP Vulnerabilities : Allocation of Resources Without Limits or Throttling, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause the web server to crash, …
SIEMENS CERT
10/14/2025
The web server on SIMATIC S7-1200 CPU V2/V3 Before V3.0.2 contains a cross-site scripting (XSS) vulnerability that could allow remote attackers to inject arbitrary web script or HTML via a crafted URI. Siemens has released a new version for SIMATIC S7-1200 CPU V3 family (incl. SIPLUS variants) and recommends to …
SIEMENS CERT
10/14/2025
The installers used to install several Siemens products are affected by a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected installer component. This vulnerability poses a risk only during setup and installation phase of the …
SIEMENS CERT
10/14/2025
Multiple vulnerabilities affect the RUGGEDCOM Operating System (ROS). Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.
SIEMENS CERT
10/14/2025
SIMATIC S7-1200 CPU V2 devices contain an insufficiently protected private key used for the Certificate Authority (CA) for HTTPS connections. Possession of this key could allow remote attackers to spoof the device’s web server by creating a forged web server certificate. Siemens recommends specific countermeasures for products where fixes are …
SIEMENS CERT
10/14/2025
Siemens User Management Component (UMC) is affected by a heap-based buffer overflow vulnerability which could allow an unauthenticated remote attacker arbitrary code execution. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures …
SIEMENS CERT
10/14/2025
Several SIMATIC S7-1500 CPU versions are affected by an authentication bypass vulnerability that could allow an unauthenticated remote attacker to gain knowledge about actual and configured maximum cycle times and communication load of the CPU. Siemens has released new versions for several affected products and recommends to update to the …