siemens advisories

About this tag
Siemens advisories on WindowsForum.com cover critical security updates for industrial products like RUGGEDCOM CROSSBOW and Desigo CC. Recent threads detail CVE-2026-27668, an incorrect privilege assignment in RUGGEDCOM CROSSBOW Secure Access Manager (CVSS 8.8) affecting versions before V5.8, and CVE-2023-38545, a heap-based buffer overflow in CodeMeter Runtime impacting Desigo CC and SENTRON Powermanager. These advisories emphasize the importance of patching management-plane and third-party component vulnerabilities in industrial environments.
  1. CVE-2026-27668: Siemens RUGGEDCOM CROSSBOW Secure Access Manager Fix for Admin Escalation

    Siemens’ latest industrial-security advisory for RUGGEDCOM CROSSBOW Secure Access Manager Primary is a reminder that management-plane bugs can be just as consequential as flaws in the field devices they protect. The issue, tracked as CVE-2026-27668, carries a CVSS 3.1 score of 8.8 and affects...
  2. Update CodeMeter Runtime to Fix CVE-2023-38545 in Desigo CC and Powermanager

    Siemens’ ProductCERT has republished a high‑risk advisory: a heap‑based buffer overflow in the third‑party WIBU Systems CodeMeter Runtime (root cause: a vulnerable libcurl SOCKS5 handshake, CVE‑2023‑38545) is present inside several Desigo CC product family builds and the Desigo CC‑based SENTRON...
  3. CVE-2025-6554: V8 Type Confusion Impacts Siemens HyperLynx and Edge Publisher

    Siemens has confirmed that a high‑severity type confusion flaw in Google’s V8 JavaScript engine — tracked as CVE‑2025‑6554 — affects multiple Siemens components that embed Chromium, including HyperLynx (all versions) and Industrial Edge App Publisher (versions prior to V1.23.5). The upstream bug...