SIEMENS CERT
10/14/2025
Affected products do not properly sanitize user-controllable input when parsing project files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing …
SIEMENS CERT
10/14/2025
The latest update for RUGGEDCOM ROS devices fixes a buffer overflow vulnerability in the third party component that could allow an attacker with network access to an affected device to cause a remote code execution condition. Siemens has released updates for the affected products and recommends to update to the …
SIEMENS CERT
10/14/2025
SINEC NMS is affected by SQL injection vulnerability that could allow an authenticated low privileged attacker to exploit by inserting malicious data and achieve privilege escalation. Siemens has released a new version for SINEC NMS and recommends to update to the latest version.
SIEMENS CERT
10/14/2025
The web server on SIMATIC S7-1200 CPU V2/V3 Before V3.0.2 contains a cross-site scripting (XSS) vulnerability that could allow remote attackers to inject arbitrary web script or HTML via a crafted URI. Siemens has released a new version for SIMATIC S7-1200 CPU V3 family (incl. SIPLUS variants) and recommends to …
SIEMENS CERT
10/14/2025
Several SIMATIC S7-1500 and S7-1200 CPU versions are affected by an open redirect vulnerability that could allow an attacker to make the web server of affected devices redirect a legitimate user to an attacker-chosen URL. For a successful attack, the legitimate user must actively click on an attacker-crafted link. Siemens …
SIEMENS CERT
10/14/2025
SIMATIC S7-1200 CPU V2 devices contain an insufficiently protected private key used for the Certificate Authority (CA) for HTTPS connections. Possession of this key could allow remote attackers to spoof the device’s web server by creating a forged web server certificate. Siemens recommends specific countermeasures for products where fixes are …
SIEMENS CERT
10/14/2025
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
SIEMENS CERT
10/14/2025
Several SIMATIC S7-1500 CPU versions are affected by an authentication bypass vulnerability that could allow an unauthenticated remote attacker to gain knowledge about actual and configured maximum cycle times and communication load of the CPU. Siemens has released new versions for several affected products and recommends to update to the …