SIEMENS CERT
08/12/2025
Affected SIPROTEC 5 devices do not properly limit the bandwidth for incoming network packets over their local USB port. This could allow an attacker with physical access to send specially crafted packets with high bandwidth to the affected devices thus forcing them to exhaust their memory and stop responding to …
SIEMENS CERT
08/12/2025
An information disclosure vulnerability in SIPROTEC 5 devices could allow an unauthenticated, remote attacker to retrieve sensitive information of the device. Siemens has released new versions for the affected products and recommends to update to the latest versions.
SIEMENS CERT
08/12/2025
The basic authentication mechanism of Mendix Runtime contains a race condition vulnerability which could allow unauthenticated remote attackers to circumvent default account lockout measures. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are …
SIEMENS CERT
08/12/2025
Affected products do not properly sanitize user-controllable input when parsing files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further …
SIEMENS CERT
08/12/2025
SICAM Q100 and Q200 devices are affected by two information disclosure vulnerabilities that could allow an authenticated local attacker to extract the SMTP account password and use the configured SMTP service for arbitrary purposes. Siemens has released new versions for the affected products and recommends to update to the latest …
SIEMENS CERT
08/12/2025
SIMOTION SCOUT, SIMOTION SCOUT TIA and SINAMICS STARTER are affected by an XXE injection vulnerability that could allow an attacker to access arbitrary application files. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends …
SIEMENS CERT
08/12/2025
RUGGEDCOM CROSSBOW Station Access Controller (SAC) contains multiple vulnerabilities in the integrated SQLite component that could allow an attacker to execute arbitrary code or to create a denial of service condition. Siemens has released a new version for RUGGEDCOM CROSSBOW Station Access Controller (SAC) and recommends to update to the …
SIEMENS CERT
08/12/2025
Nozomi Networks has published information on vulnerabilities in Nozomi Guardian/CMC. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available.