Bulletins

SIEMENS CERT
04/17/2025
Users of Industrial Edge Devices are advised to consult the respective Security Advisories for their devices (for Siemens Industrial Edge devices see Additional Information). Industrial Edge Device Kit contains a weak authentication vulnerability that could allow an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Industrial Edge …
SIEMENS CERT
04/16/2025
Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends updating to the latest version. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or …
SIEMENS CERT
04/16/2025
TeleControl Server Basic before V3.1.2.2 contains an Improper Handling of Length Parameter Inconsistency vulnerability that could allow an attacker to cause the application to allocate exhaustive amounts of memory and subsequently create a denial of service condition. Siemens has released a new version for TeleControl Server Basic and recommends to …
SIEMENS CERT
04/16/2025
Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends updating to the latest version. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or …
SIEMENS CERT
04/16/2025
TeleControl Server Basic before V3.1.2.2 contains multiple SQL Injection vulnerabilities that could allow an attacker to read and write to the application’s DB, cause denial of service and execute code in an OS shell with limited “NT AUTHORITY” permissions. Siemens has conducted a root-cause analysis for potential SQL injection vulnerabilities …
CISA (ICS)
04/15/2025
1. EXECUTIVE SUMMARY: CVSS v4 9.3; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Delta Electronics; Equipment: COMMGR; Vulnerability: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG). 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow for an attacker to remotely access the AS3000Simulator family in the …
CISA (ICS)
04/15/2025
1. EXECUTIVE SUMMARY: CVSS v4 9.3; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Lantronix; Equipment: Xport; Vulnerability: Missing Authentication for Critical Function. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker unauthorized access to the configuration interface and cause disruption to monitoring and operations. …
CISA (ICS)
04/15/2025
1. EXECUTIVE SUMMARY: CVSS v4 9.3; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Mitsubishi Electric Europe B.V.; Equipment: smartRTU; Vulnerability: Missing Authentication for Critical Function, OS Command Injection. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could allow a remote unauthenticated attacker to disclose, tamper with, destroy …