SIEMENS CERT
11/11/2025
SICAM GridEdge contains an improper access control vulnerability. This could allow persons with local access to the host system to inject an SSH key. Siemens has released a new version for SICAM GridEdge (Classic) and recommends to update to the latest version.
SIEMENS CERT
11/11/2025
Solid Edge is affected by improper certificate validation while connecting to License Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks. Siemens has released a new version for Solid Edge SE2025 and recommends to update to the latest version.
SIEMENS CERT
11/11/2025
Multiple vulnerabilities has been identified in Siemens SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs that can allow an authenticated attacker to alter the secure boot and password configurations. Siemens has released new versions of BIOS for several affected products and recommends to update to the latest versions. Siemens …
SIEMENS CERT
11/11/2025
Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version of Fortigate NGFW for RUGGEDCOM APE1808 and recommends to update to the latest version. Siemens recommends to consult and implement the workarounds provided in Fortinet’s upstream security notifications.
SIEMENS CERT
11/11/2025
Affected SIPROTEC 5 devices do not properly limit the access of the web server to the filesystem. This could allow an authenticated remote attacker to read arbitrary files or the entire filesystem of the device. Siemens has released new versions for the affected products and recommends to update to the …
SIEMENS CERT
11/11/2025
The Mendix OIDC SSO module grants read and write access to all tokens exclusively to the Administrator role and could result in privilege misuse by an adversary modifying the module during Mendix development. Siemens has released new versions for the affected products and recommends to update to the latest versions.
CISA (ICS)
10/23/2025
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : AutomationDirect Equipment : Productivity Suite Vulnerabilities : Relative Path Traversal, Weak Password Recovery Mechanism for Forgotten Password, Incorrect Permission Assignment for Critical Resource, Binding to an Unrestricted IP Address 2. RISK EVALUATION Successful exploitation of these …
CISA (ICS)
10/23/2025
1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION : Exploitable remotely/low attack complexity Vendor : Veeder-Root Equipment : TLS4B Automatic Tank Gauge System Vulnerabilities : Improper Neutralization of Special Elements used in a Command ('Command Injection'), Integer Overflow or Wraparound 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers …