Siemens has confirmed that multiple products running SINEC OS versions earlier than 3.3 include third‑party components with dozens of security flaws — a broad, high‑impact update that requires immediate attention from operators of RUGGEDCOM and SCALANCE devices, and from any team responsible for...
Siemens has released an urgent security update for NX after researchers discovered a cluster of high‑severity file‑parsing vulnerabilities in the way the product reads CGM (Computer Graphics Metafile) files; the flaws—tracked as CVE‑2026‑22923, CVE‑2026‑22924 and CVE‑2026‑22925—can cause...
Siemens has disclosed a critical authorization‑bypass flaw in its Industrial Edge product family (tracked as CVE‑2025‑40805) that allows unauthenticated remote actors to circumvent authentication on specific API endpoints and impersonate legitimate users; Siemens has issued updated releases for...
Siemens has warned that a flaw in the way several SIMATIC and SIPLUS ET 200 devices handle S7 protocol session disconnects can be weaponized to cause a denial‑of‑service (DoS) condition: a properly formed S7 Disconnect Request (a COTP DR TPDU) sent to TCP port 102 may push the device into an...
Siemens has disclosed a critical authorization bypass in its Industrial Edge Device Kit that allows unauthenticated remote actors to impersonate legitimate users by abusing improperly protected API endpoints — a flaw Siemens and U.S. authorities rate at the highest severity and that demands...
Siemens has disclosed a serious vulnerability in the Interniche TCP/IP stack that underpins networking in a broad array of industrial devices and controllers; the flaw (tracked as CVE‑2025‑40820) can allow an unauthenticated remote attacker who can inject spoofed IP packets at precisely timed...
A high‑severity Man‑in‑the‑Middle (MitM) weakness in Siemens’ IAM client has been publicly disclosed and tracked as CVE‑2025‑40800: the client omits proper server certificate validation when establishing TLS connections to Siemens’ authorization servers, creating an exploitable channel for...
Siemens has confirmed a firmware-integrity weakness that affects several access-controller families and could let an attacker install modified firmware on door controllers — a scenario that turns a physical-access appliance into a persistent foothold. The vulnerability, tracked as CVE‑2022‑31807...
Siemens’ TIA Portal path‑traversal flaw embedded inside Festo Didactic packages is a real, actionable risk for engineering workstations and training systems — and it demands immediate, prioritized remediation across mixed IT/OT environments. Background / Overview
Festo Didactic devices —...
Siemens’ staged advisory for Altair Grid Engine exposes two locally exploitable weaknesses that can let an attacker escalate privileges and — in one case — execute code as root, and Siemens’ ProductCERT has published a vendor patch and precise workarounds that must be applied immediately to...
Siemens has confirmed a high‑severity DLL‑hijacking vulnerability in Siemens Software Center and Solid Edge SE2025 that can allow arbitrary code execution when a crafted DLL is placed where the application will load it. The flaw is tracked as CVE‑2025‑40827 and carries a high severity rating — a...
Siemens ProductCERT has confirmed two high‑severity vulnerabilities in the SIMATIC S7‑1200 CPU V1/V2 families that can be exploited remotely to either crash controllers into a stop/defect state or replay previously recorded engineering‑level commands — a pair of flaws that demand immediate...
Siemens has published an urgent security advisory for its SIMATIC ET 200SP communication processors after a critical authentication weakness (CVE-2025-40771) was found in CP 1542SP-1 and CP 1543SP-1 variants: affected firmware versions prior to V2.4.24 do not properly authenticate configuration...
Siemens has released a security advisory and a fix for a high-severity SQL injection vulnerability in SINEC NMS, tracked as CVE-2025-40755, that affects all SINEC NMS builds prior to V4.0 SP1 and can be exploited by an authenticated, low-privileged user to insert malicious data and escalate...
Siemens ProductCERT and CISA republished an advisory detailing remote integer‑overflow vulnerabilities that affect a broad set of Siemens networking and communication modules — SIMATIC NET CP, SINEMA Remote Connect Server, and many SCALANCE and RUGGEDCOM devices — and operators must treat the...
Siemens has republished a critical advisory that pulls a spotlight back onto a cluster of high-severity Apache HTTP Server vulnerabilities found embedded inside several Siemens industrial networking products — most notably RUGGEDCOM NMS, SINEC NMS, and SINEMA family components — and is urging...
Siemens’ sprawling product portfolio remains at the center of a major, ongoing industrial‑security effort after a broad advisory—originally published by Siemens ProductCERT and republished by U.S. cyber authorities—relisted scores of SCALANCE, RUGGEDCOM, SIMATIC, SIMOTION, SIPLUS and related...
Siemens and upstream OpenSSL vulnerabilities that allow out-of-bounds reads — tracked under CVE-2021-3712 — remain a live operational risk across dozens of Siemens industrial networking, communications, and automation products; Siemens has published ProductCERT guidance and fixes for many...
CISA’s September 16, 2025 bulletin consolidates another urgent wave of Industrial Control Systems (ICS) security notices: eight advisories covering Schneider Electric, Hitachi Energy, Siemens, Delta Electronics and multiple Siemens product families, plus an update to a prior Schneider Galaxy...
CISA’s latest bulletin — a compact but consequential package released on September 11, 2025 — flags eleven Industrial Control Systems (ICS) advisories affecting major automation vendors and field devices, including multiple Siemens engineering and network products, several Schneider Electric...