#vulnerability

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIPROTEC 4 and SIPROTEC 4 Compact Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: SIPROTEC 4 6MD61: All versions SIPROTEC 4 7SJ62: All versions SIPROTEC 4 7SJ63: All versions SIPROTEC 4 7SJ64: All versions SIPROTEC 4 7SJ66: All versions SIPROTEC 4 7SS52: All versions SIPROTEC 4 7ST6: All...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Rockwell Equipment: FactoryTalk Linx Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to to create, update, and delete FTLinx drivers. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Rockwell Automation products are affected: FactoryTalk Linx: Versions prior to 6.50 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER ACCESS CONTROL CWE-284 A security issue exists within the FactoryTalk Linx Network Browser. By modifying the process.env.NODE_ENV to 'development', the attacker can disable FTSP token validation. This bypass allows access to create, update, and delete FTLinx drivers. CVE-2025-7972 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.0 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2025-7972. A base score of 8.4 ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SICAM Q100, SICAM Q200 Vulnerabilities: Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an authenticated local attacker to extract the SMTP account password and use the configured SMTP service for arbitrary purposes. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports the following products are affected: Siemens POWER METER SICAM Q100 (7KG9501-0AA01-0AA1): Versions 2.60 up to but not including 2.62 Siemens POWER METER SICAM Q100 (7KG9501-0AA01-2AA1): Versions 2.60 up to but not including 2.62 Si...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Action Manager Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local unauthenticated attacker to listen to communications and manipulate the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of FactoryTalk Action Manager, a software management platform, are affected: FactoryTalk Action Manager: Version 1.0.0 to 1.01 3.2 VULNERABILITY OVERVIEW 3.2.1 EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200 A security issue in the runtime event system allows unauthenticated connections to receive a reusable API token. This token is broadcast over a WebSocket and can be intercepted by any local client listening on the connection. CVE-2025-7532 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calcul...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Exploitable from a local network Vendor: Rockwell Automation Equipment: Studio 5000 Logix Designer Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to crash the device or execute malicious code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Studio 5000 Logix Designer, a centralized control system management software, are affected: Studio 5000 Logix Designer: Version 36.00.02 to 37.00.02 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER INPUT VALIDATION CWE-20 A security issues exists within Studio 5000 Logix Designer due to unsafe handling of environment variables. If the specified path lacks a valid file, Logix Designer crashes; however, it may be possible to execute malicious code without triggering a crash. CVE-2025-7971 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string i...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM CROSSBOW Station Access Controller (SAC) Vulnerabilities: Heap-Based Buffer Overflow, Integer Overflow or Wraparound 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code or create a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: RUGGEDCOM CROSSBOW Station Access Controller (SAC): Versions prior to V5.7 3.2 VULNERABILITY OVERVIEW 3.2.1 HEAP-BASED BUFFER OVERFLOW CWE-122 An integer overflow can be trig...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM APE1808 Vulnerabilities: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Execution with Unnecessary Privileges 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an authenticated administrator to execute unauthorized arbitrary OS commands. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: RUGGEDCOM APE1808: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS C...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: Simcenter Femap Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code in the context of the current process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens Simcenter Femap V2406: vers:intdot/<2406.0003 Siemens Simcenter Femap V2412: vers:intdot/<2412.0002 3.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS WRITE CWE-787 The affected applications contain an out of bounds write vulnerability when parsing a specia...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: Wibu CodeMeter Vulnerability: Least Privilege Violation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local user to navigate from Import License to a privileged instance of Windows Explorer. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens SIMATIC Information Server 2020: All versions Siemens SIMATIC WinCC OA V3.20: All versions prior to V3.20 P008 Siemens SIMATIC Information Server 2022: All versions Siemens SIMATIC Information Server 2024: All versions Siemens SIMATIC PDM Maintenanc...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).   View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable from adjacent network/low attack complexity Vendor: Siemens Equipment: Opcenter Quality Vulnerabilities: Incorrect Authorization, Missing Encryption of Sensitive Data, Generation of Error Message Containing Sensitive Information, Insufficient Session Expiration, Use of a Broken or Risky Cryptographic Algorithm 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain complete access of the application, access to sensitive information, access to session information, or execute a Machine-In-The-Middle attack and compromise confidentiality and integrity of data. 3. TECHNI...