Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Siemens

#cec7a2ec-15b4-4faf-bd53-b40f371f3a77
PolicyEmail

Short Name

siemens

Program Role

CNA

Root

Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)

Top Level Root

Cybersecurity and Infrastructure Security Agency (CISA)

Security Advisories

View Advisories

Domain

siemens.com

Country

Germany

Scope

Siemens issues only.
Reported CVEsVendorsProductsReports
1842Vulnerabilities found

CVE-2026-56451
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-10||CRITICAL
EPSS-0.38% / 30.64%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 09:19
Updated-14 Jul, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Opcenter X (All versions < V2604). Affected applications do not properly validate the algorithm specified in the JSON Web Token (JWT) header. This could allow an unauthenticated remote attacker to forge arbitrary JWT, bypass authentication mechanisms and impersonate any user including administrative accounts, potentially gaining full unauthorized access to the application.

Action-Not Available
Vendor-Siemens AG
Product-Opcenter X
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-54429
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-6||MEDIUM
EPSS-0.21% / 11.94%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 09:19
Updated-14 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC S7-PLCSIM Advanced (All versions). Affected devices do not properly handle high-volume multicast network traffic, which can exhaust available memory resources in the affected application. This could allow an unauthenticated attacker on the local network segment to cause a denial-of-service condition of the affected application. The affected application becomes inaccessible and requires a manual restart; no project data is lost. Successful exploitation requires a specific project configuration to be already active on the targeted instance.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC S7-PLCSIM Advanced
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-40945
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.5||HIGH
EPSS-0.14% / 3.97%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 09:19
Updated-14 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in COMOS V10.4.5 (All versions < V10.4.5.0.2), COMOS V10.6 (All versions < V10.6.1), Designcenter NX (All versions < V2512.7000), Simcenter 3D (All versions < V2512.7000), Simcenter Femap V2506 (All versions < V2506.0003), Simcenter Femap V2512 (All versions < V2512.0002), Simcenter Nastran (All versions < V2606), Simcenter STAR-CCM+ (All versions < V2606), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Teamcenter Visualization V2412 (All versions < V2412.0012), Teamcenter Visualization V2506 (All versions < V2506.0009), Teamcenter Visualization V2512 (All versions < V2512.2605), Tecnomatix Plant Simulation V2404 (All versions < V2404.0022), Tecnomatix Plant Simulation V2504 (All versions < V2504.0010), Tecnomatix Process Simulate (All versions < V2606). Untrusted search path in IAM Client SDK may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-Siemens AG
Product-Designcenter NXSimcenter Femap V2512Simcenter STAR-CCM+COMOS V10.6Teamcenter Visualization V2412Tecnomatix Plant Simulation V2504Tecnomatix Plant Simulation V2404Tecnomatix Process SimulateTeamcenter Visualization V2512Solid Edge SE2025Simcenter 3DCOMOS V10.4.5Simcenter Femap V2506Simcenter NastranSolid Edge SE2026Teamcenter Visualization V2506
CWE ID-CWE-426
Untrusted Search Path
CVE-2026-54801
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.6||HIGH
EPSS-0.34% / 26.20%
||
7 Day CHG~0.00%
Published-09 Jul, 2026 | 14:15
Updated-09 Jul, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains insufficient validation of authentication credentials when processing administrative account modifications through the web API. This could allow an authenticated attacker to bypass security controls and gain unauthorized elevated privileges.

Action-Not Available
Vendor-Siemens AG
Product-SICORE Base systemCPCI85 Central Processing/Communication
CWE ID-CWE-620
Unverified Password Change
CVE-2026-54800
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-6.3||MEDIUM
EPSS-0.15% / 4.26%
||
7 Day CHG~0.00%
Published-09 Jul, 2026 | 14:15
Updated-09 Jul, 2026 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application ships with a default configuration that disables all OPC UA security mechanisms. This could allow an attacker to gain unauthorized access and control over critical system functions.

Action-Not Available
Vendor-Siemens AG
Product-SICORE Base systemCPCI85 Central Processing/Communication
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2026-54799
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.4||HIGH
EPSS-0.13% / 2.74%
||
7 Day CHG~0.00%
Published-09 Jul, 2026 | 14:15
Updated-09 Jul, 2026 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains a vulnerability in its firmware update mechanism's signature validation process. This could allow an attacker to install malicious firmware, leading to persistent code execution and system compromise.

Action-Not Available
Vendor-Siemens AG
Product-SICORE Base systemCPCI85 Central Processing/Communication
CWE ID-CWE-489
Active Debug Code
CVE-2026-54798
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-7.1||HIGH
EPSS-0.24% / 15.00%
||
7 Day CHG~0.00%
Published-09 Jul, 2026 | 14:15
Updated-09 Jul, 2026 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application includes a debugging interface that is accessible through HTTP endpoints. This could allow an authenticated attacker to disrupt the system by crashing the web process causing denial of service conditions.

Action-Not Available
Vendor-Siemens AG
Product-SICORE Base systemCPCI85 Central Processing/Communication
CWE ID-CWE-489
Active Debug Code
CVE-2026-48192
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-6.8||MEDIUM
EPSS-0.19% / 9.22%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 14:30
Updated-02 Jul, 2026 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Mendix Studio Pro 10.11 (All versions), Mendix Studio Pro 10.12 (All versions), Mendix Studio Pro 10.13 (All versions), Mendix Studio Pro 10.14 (All versions), Mendix Studio Pro 10.15 (All versions), Mendix Studio Pro 10.16 (All versions), Mendix Studio Pro 10.17 (All versions), Mendix Studio Pro 10.18 (All versions), Mendix Studio Pro 10.19 (All versions), Mendix Studio Pro 10.20 (All versions), Mendix Studio Pro 10.21 (All versions), Mendix Studio Pro 10.22 (All versions), Mendix Studio Pro 10.23 (All versions), Mendix Studio Pro 10.24 (All versions < V10.24.21), Mendix Studio Pro 11.0 (All versions), Mendix Studio Pro 11.1 (All versions), Mendix Studio Pro 11.10 (All versions), Mendix Studio Pro 11.11 (All versions), Mendix Studio Pro 11.2 (All versions), Mendix Studio Pro 11.3 (All versions), Mendix Studio Pro 11.4 (All versions), Mendix Studio Pro 11.5 (All versions), Mendix Studio Pro 11.6 (All versions < V11.6.7), Mendix Studio Pro 11.7 (All versions), Mendix Studio Pro 11.8 (All versions), Mendix Studio Pro 11.9 (All versions). Affected versions of Mendix Studio Pro do not properly validate or sanitize project files processed during the build pipeline. This could allow an attacker who tricks a user into opening and running a specially crafted malicious project locally on their system to execute arbitrary code in the context of that user.

Action-Not Available
Vendor-Siemens AG
Product-Mendix Studio Pro 11.10Mendix Studio Pro 11.2Mendix Studio Pro 11.0Mendix Studio Pro 11.5Mendix Studio Pro 10.11Mendix Studio Pro 10.14Mendix Studio Pro 11.4Mendix Studio Pro 11.6Mendix Studio Pro 10.17Mendix Studio Pro 11.7Mendix Studio Pro 10.22Mendix Studio Pro 10.20Mendix Studio Pro 10.21Mendix Studio Pro 11.9Mendix Studio Pro 11.1Mendix Studio Pro 10.23Mendix Studio Pro 11.8Mendix Studio Pro 10.15Mendix Studio Pro 10.13Mendix Studio Pro 10.12Mendix Studio Pro 11.3Mendix Studio Pro 11.11Mendix Studio Pro 10.24Mendix Studio Pro 10.16Mendix Studio Pro 10.18Mendix Studio Pro 10.19
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-46749
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-5||MEDIUM
EPSS-0.12% / 2.26%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 08:47
Updated-12 Jun, 2026 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application uses a password hashing implementation with a static, hardcoded salt shared across all users and installations, and is configured with an insufficient number of iterations. This could allow an attacker to efficiently recover user passwords using brute-force or precomputed attacks, potentially resulting in unauthorized access.

Action-Not Available
Vendor-Siemens AG
Product-sinec_insSINEC INS
CWE ID-CWE-760
Use of a One-Way Hash with a Predictable Salt
CVE-2026-46748
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.21% / 10.68%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 08:46
Updated-09 Jun, 2026 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected system includes a binary that is configured with the cap_dac_override capability. This capability allows the process to bypass file system permission checks, resulting in unrestricted file system access. This could allow a local attacker to escalate privileges leading to arbitrary file modification and gaining root privileges on the system.

Action-Not Available
Vendor-Siemens AG
Product-SINEC INS
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2026-46747
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 15.33%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 08:46
Updated-09 Jun, 2026 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application does not properly sanitize path input in the `GET /api/sftp/uploadFiles` endpoint used for directory listing. This allows path traversal through crafted input, enabling access to unintended file system locations.

Action-Not Available
Vendor-Siemens AG
Product-SINEC INS
CWE ID-CWE-26
Path Traversal: '/dir/../filename'
CVE-2026-46746
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.45% / 36.45%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 08:46
Updated-12 Jun, 2026 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The application does not properly sanitize user input in the /api/sftp/uploadFiles endpoint, allowing the injection of shell command payloads via crafted directory names. These payloads are stored and executed when directory listings are retrieved. This could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system with the privileges of the affected service user (sinecins).

Action-Not Available
Vendor-Siemens AG
Product-sinec_insSINEC INS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-24349
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.2||HIGH
EPSS-0.06% / 0.01%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 08:46
Updated-26 Jun, 2026 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 (All versions), SIMATIC WinCC Unified PC Runtime V17 (All versions), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions), SIMATIC WinCC Unified PC Runtime V20 (All versions), SIMATIC WinCC Unified PC Runtime V21 (All versions < V21 Update 2). Insufficient protection of key material in WinCC Certificate Manager that could allow an attacker to extract sensitive information.

Action-Not Available
Vendor-Siemens AG
Product-simatic_wincc_unified_pc_runtimeSIMATIC WinCC Unified PC Runtime V21SIMATIC WinCC Unified PC Runtime V20SIMATIC WinCC Unified PC Runtime V16SIMATIC WinCC Unified PC Runtime V18SIMATIC WinCC Unified PC Runtime V17SIMATIC WinCC Unified PC Runtime V19
CWE ID-CWE-313
Cleartext Storage in a File or on Disk
CVE-2025-40808
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-6.9||MEDIUM
EPSS-0.19% / 8.35%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 08:46
Updated-09 Jun, 2026 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MU85 (CP300) (All versions), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions), SIPROTEC 5 7ST86 (CP300) (All versions), SIPROTEC 5 7SX82 (CP150) (All versions), SIPROTEC 5 7SX85 (CP300) (All versions), SIPROTEC 5 7SY82 (CP150) (All versions), SIPROTEC 5 7UM85 (CP300) (All versions), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions), SIPROTEC 5 7VE85 (CP300) (All versions), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions), SIPROTEC 5 7VU85 (CP300) (All versions), SIPROTEC 5 Compact 7SX800 (CP050) (All versions). The affected application allows authenticated users to upload arbitrary files using DIGSI 5 protocol. This could allow an attacker to upload malicious configuration files, that could cause denial of service condition and potentially lead to code execution.

Action-Not Available
Vendor-Siemens AG
Product-SIPROTEC 5 7SA86 (CP200)SIPROTEC 5 6MD89 (CP300)SIPROTEC 5 7SA87 (CP200)SIPROTEC 5 7UT85 (CP300)SIPROTEC 5 6MD86 (CP300)SIPROTEC 5 7KE85 (CP200)SIPROTEC 5 7SL82 (CP100)SIPROTEC 5 7VK87 (CP300)SIPROTEC 5 7SD87 (CP200)SIPROTEC 5 7SD82 (CP150)SIPROTEC 5 7ST86 (CP300)SIPROTEC 5 6MD84 (CP300)SIPROTEC 5 7SJ82 (CP100)SIPROTEC 5 7ST85 (CP300)SIPROTEC 5 7UT85 (CP200)SIPROTEC 5 7SA82 (CP100)SIPROTEC 5 7UT82 (CP150)SIPROTEC 5 7KE85 (CP300)SIPROTEC 5 7SD86 (CP200)SIPROTEC 5 6MU85 (CP300)SIPROTEC 5 7SA82 (CP150)SIPROTEC 5 7SJ81 (CP100)SIPROTEC 5 7SJ86 (CP200)SIPROTEC 5 7VK87 (CP200)SIPROTEC 5 6MD85 (CP200)SIPROTEC 5 7SS85 (CP200)SIPROTEC 5 7SK85 (CP300)SIPROTEC 5 7SY82 (CP150)SIPROTEC 5 7SD86 (CP300)SIPROTEC 5 7SL87 (CP200)SIPROTEC 5 7ST85 (CP200)SIPROTEC 5 7SL82 (CP150)SIPROTEC 5 7SK82 (CP100)SIPROTEC 5 7SK85 (CP200)SIPROTEC 5 7SX82 (CP150)SIPROTEC 5 7SX85 (CP300)SIPROTEC 5 7UT86 (CP300)SIPROTEC 5 7UT87 (CP300)SIPROTEC 5 7SD82 (CP100)SIPROTEC 5 7UT82 (CP100)SIPROTEC 5 7VU85 (CP300)SIPROTEC 5 7UT86 (CP200)SIPROTEC 5 Compact 7SX800 (CP050)SIPROTEC 5 7SL86 (CP200)SIPROTEC 5 7SA86 (CP300)SIPROTEC 5 7SK82 (CP150)SIPROTEC 5 7SJ85 (CP300)SIPROTEC 5 7UM85 (CP300)SIPROTEC 5 7UT87 (CP200)SIPROTEC 5 7SL87 (CP300)SIPROTEC 5 7SD87 (CP300)SIPROTEC 5 6MD86 (CP200)SIPROTEC 5 7SS85 (CP300)SIPROTEC 5 7SJ86 (CP300)SIPROTEC 5 7VE85 (CP300)SIPROTEC 5 7SJ85 (CP200)SIPROTEC 5 7SJ82 (CP150)SIPROTEC 5 7SJ81 (CP150)SIPROTEC 5 7SL86 (CP300)SIPROTEC 5 7SA87 (CP300)SIPROTEC 5 6MD85 (CP300)
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-41918
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-5.9||MEDIUM
EPSS-0.19% / 9.25%
||
7 Day CHG~0.00%
Published-02 Jun, 2026 | 12:06
Updated-02 Jun, 2026 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V4.0). The affected applications stores sensitive information in the browser cache when an authenticated user modify specific configurations. This could allow an authenticated attacker to access sensitive data stored in the browser.

Action-Not Available
Vendor-Siemens AG
Product-RUGGEDCOM RST2428P
CWE ID-CWE-525
Use of Web Browser Cache Containing Sensitive Information
CVE-2026-44412
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.11% / 1.31%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 08:21
Updated-13 May, 2026 | 01:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 Update 5). The affected applications contain a stack based overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-Solid Edge SE2026
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-44411
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.10% / 1.30%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 08:21
Updated-29 Jun, 2026 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 Update 5). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edge_se2026Solid Edge SE2026
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2026-41551
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-9.3||CRITICAL
EPSS-0.49% / 38.78%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 08:21
Updated-12 May, 2026 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in ROS# (All versions < V2.2.2). Affected versions contain a path traversal vulnerability because user input is not properly sanitized. This could allow a remote attacker to access arbitrary files on the device.

Action-Not Available
Vendor-Siemens AG
Product-ROS#
CWE ID-CWE-23
Relative Path Traversal
CVE-2026-41125
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-5.9||MEDIUM
EPSS-0.15% / 5.09%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 08:21
Updated-29 May, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions), blueplanet 105 TL3 (All versions), blueplanet 105 TL3 GEN2 (All versions), blueplanet 110 TL3 (All versions), blueplanet 125 NX3 M10 (All versions), blueplanet 125 TL3 (All versions), blueplanet 125 TL3 GEN2 (All versions), blueplanet 137 TL3 (All versions), blueplanet 150 TL3 (All versions), blueplanet 150 TL3 GEN2 (All versions), blueplanet 155 TL3 (All versions), blueplanet 155 TL3 GEN2 (All versions), blueplanet 165 TL3 (All versions), blueplanet 165 TL3 GEN2 (All versions), blueplanet 25.0 NX3-33.0 NX3 (All versions), blueplanet 3.0 NX3-20.0 NX3 (All versions), blueplanet 3.0-5.0 NX1 (All versions), blueplanet 360 NX3 M6 (All versions), blueplanet 50.0 NX3-60.0 NX3 (All versions), blueplanet 87.0 TL3 (All versions), blueplanet 87.0 TL3 GEN2 (All versions), blueplanet 92.0 TL3 (All versions), blueplanet 92.0 TL3 GEN2 (All versions), blueplanet gridsave 110 TL3-S (All versions), blueplanet gridsave 137 TL3-S (All versions), blueplanet gridsave 92.0 TL3-S (All versions), blueplanet hybrid 10.0 TL3 (All versions), blueplanet hybrid 6.0 NH3-12.0 NH3 (All versions). Improper neutralization of special elements used in an sql command ('sql injection') in KACO Meteor server allows an authorized attacker to elevate privileges over a local network.

Action-Not Available
Vendor-Siemens AG
Product-blueplanet 105 TL3 GEN2blueplanet gridsave 92.0 TL3-Sblueplanet 165 TL3 GEN2blueplanet 165 TL3blueplanet 137 TL3blueplanet 3.0-5.0 NX1blueplanet 3.0 NX3-20.0 NX3blueplanet 150 TL3blueplanet 87.0 TL3 GEN2blueplanet 92.0 TL3 GEN2blueplanet 87.0 TL3blueplanet 155 TL3blueplanet 360 NX3 M6blueplanet 150 TL3 GEN2blueplanet gridsave 137 TL3-Sblueplanet hybrid 10.0 TL3blueplanet 100 NX3 M8blueplanet 110 TL3blueplanet 105 TL3blueplanet hybrid 6.0 NH3-12.0 NH3blueplanet 92.0 TL3blueplanet gridsave 110 TL3-Sblueplanet 125 TL3blueplanet 125 TL3 GEN2blueplanet 155 TL3 GEN2blueplanet 100 TL3 GEN2blueplanet 25.0 NX3-33.0 NX3blueplanet 50.0 NX3-60.0 NX3blueplanet 125 NX3 M10
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-33893
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.29% / 20.68%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 08:21
Updated-18 May, 2026 | 17:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamcenter V2412 (All versions < V2412.0009), Teamcenter V2506 (All versions < V2506.0005), Teamcenter V2512 (All versions). The affected application contains hardcoded key which is used for obfuscation stored directly into the application. This could allow an attacker to obtain these keys and misuse them to gain unauthorized access.

Action-Not Available
Vendor-Siemens AG
Product-teamcenterTeamcenter V2406Teamcenter V2512Teamcenter V2312Teamcenter V2412Teamcenter V2506
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2026-33862
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.5||HIGH
EPSS-0.19% / 9.08%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 08:21
Updated-18 May, 2026 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamcenter V2412 (All versions < V2412.0009), Teamcenter V2506 (All versions < V2506.0005), Teamcenter V2512 (All versions). The affected application does not properly encode or filter user-supplied data. This could allow an attacker to inject malicious code that can be executed by other users when they visit the affected page.

Action-Not Available
Vendor-Siemens AG
Product-teamcenterTeamcenter V2406Teamcenter V2512Teamcenter V2312Teamcenter V2412Teamcenter V2506
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-27662
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-7||HIGH
EPSS-0.11% / 1.71%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 08:21
Updated-13 May, 2026 | 01:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected devices do not properly restrict access to the web browser via the Control Panel when no corresponding security mechanisms are in place. This could allow an unauthenticated attacker to gain unauthorized access to the web browser, potentially enabling the discovery of backdoors, performing unauthorized actions, or exploiting misconfigurations that may lead to further system compromise.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC HMI MTP1000, Unified Comfort Panel neutralSIMATIC HMI MTP1200 Unified Comfort Panel hygienicSIMATIC HMI MTP2200 Unified Comfort Hygienic neutral designSIMATIC HMI MTP2200 Comfort Pro neutral design for support arm (expandable, round tube) and extensioSIMATIC HMI MTP1900 Comfort Pro for support arm (expandable, round tube) and extension unitSIMATIC HMI MTP1900 Unified Comfort Panel neutral designSIPLUS HMI MTP1000 Unified ComfortSIMATIC HMI MTP1500 Comfort Pro neutral design for support arm (not extendable, flange on top)SIMATIC HMI MTP2200 Unified Comfort Panel neutral designSIMATIC HMI MTP1900 Comfort Pro neutral design for stand (expandable, flange at the bottom)SIMATIC HMI MTP2200 Comfort Pro for support arm (expandable, round tube) and extension unitSIMATIC HMI MTP1500 Unified Comfort PanelSIMATIC HMI MTP700, Unified Comfort Panel neutral designSIMATIC HMI MTP1500 Comfort Pro neutral design for support arm (expandable, round tube) and extensioSIMATIC HMI MTP1500 Comfort Pro for stand (expandable, flange at the bottom)SIMATIC HMI MTP1900 Unified Comfort Panel hygienic neutral designSIMATIC HMI MTP700 Unified Comfort Panel hygienic neutral designSIMATIC HMI MTP1200 Comfort Pro neutral design for stand (expandable, flange at the bottom)SIMATIC HMI MTP1000 Unified Comfort PanelSIMATIC HMI MTP1900 Comfort Pro neutral design for support arm (not extendable, flange on top)SIMATIC HMI MTP2200 Comfort Pro for stand (expandable, flange at the bottom)SIMATIC HMI MTP1500 Unified Comfort Panel neutral designSIMATIC HMI MTP1200 Comfort Pro neutral design for support arm (expandable, round tube) and extensioSIMATIC HMI MTP1900 Comfort Pro neutral design for support arm (expandable, round tube) and extensioSIMATIC HMI MTP2200 Comfort Pro for support arm (not extendable, flange on top)SIMATIC HMI MTP2200 Unified Comfort HygienicSIMATIC HMI MTP1500 Comfort Pro for support arm (not extendable, flange on top)SIMATIC HMI MTP1500 Unified Comfort Panel hygienic neutral designSIMATIC HMI MTP1200 Unified Comfort Panel neutral designSIMATIC HMI MTP1000 Unified Comfort Panel hygienic neutral designSIMATIC HMI MTP1900 Comfort Pro for stand (expandable, flange at the bottom)SIMATIC HMI MTP2200 Comfort Pro neutral design for stand (expandable, flange at the bottom)SIPLUS HMI MTP1200 Unified ComfortSIMATIC HMI MTP2200 Comfort Pro neutral design for support arm (not extendable, flange on top)SIMATIC HMI MTP2200 Unified Comfort PanelSIMATIC HMI MTP700 Unified Comfort PanelSIMATIC HMI MTP1500 Unified Comfort Panel hygienicSIMATIC HMI MTP1200 Comfort Pro for support arm (expandable, round tube) and extension unitSIMATIC HMI MTP1900 Comfort Pro for support arm (not extendable, flange on top)SIMATIC HMI MTP1200 Unified Comfort PanelSIMATIC HMI MTP1200 Unified Comfort Panel hygienic neutral designSIMATIC HMI MTP1000 Unified Comfort Panel hygienicSIMATIC HMI MTP1200 Comfort Pro neutral design for support arm (not extendable, flange on top)SIMATIC HMI MTP1200 Comfort Pro for support arm (not extendable, flange on top)SIMATIC HMI MTP1900 Unified Comfort Panel hygienicSIMATIC HMI MTP1500 Comfort Pro for support arm (expandable, round tube) and extension unitSIMATIC HMI MTP1900 Unified Comfort PanelSIMATIC HMI MTP1200 Comfort Pro for stand (expandable, flange at the bottom)SIPLUS HMI MTP700 Unified ComfortSIMATIC HMI MTP1500 Comfort Pro neutral design for stand (expandable, flange at the bottom)
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2026-25789
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-7.2||HIGH
EPSS-0.27% / 19.38%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 08:21
Updated-14 Jul, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user into selecting the modified firmware file to be uploaded. This would result in malitcious JavaScript execution in the context of the authenticated user's session without requiring the file to be uploaded, potentially leading to session hijacking or credential theft.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC S7-1500 Software Controller CPU 1507S F V2SIMATIC S7-1500 Software Controller CPU 1508S TF V3SIPLUS S7-1500 CPU 1518-4 PN/DPSIMATIC S7-1500 CPU 1517F-3 PNSIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODKSIPLUS ET 200SP CPU 1512SP-1 PNSIMATIC S7-1500 CPU 1512C-1 PNSIPLUS S7-1500 CPU 1511-1 PNSIMATIC ET 200SP CPU 1514SPT F-2 PNSIMATIC S7-1500 CPU 1516TF-3 PN/DPSIPLUS S7-1500 CPU 1513-1 PNSIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PNSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUsSIMATIC S7-1500 Software Controller CPU 1508S F V2SIMATIC S7-1500 CPU 1515-2 PNSIMATIC S7-1500 CPU 1518F-3 PNSIMATIC S7-1500 CPU 1518T-3 PNSIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PNSIPLUS S7-1500 CPU 1516-3 PN/DPSIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 Software Controller CPU 1507S F V4SIMATIC S7-1500 CPU 1511C-1 PNSIMATIC S7-1500 CPU 1517-3 PN/DPSIMATIC S7-1500 Software Controller CPU 1508S V4SIPLUS S7-1500 CPU 1516F-3 PN/DP RAILSIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PNSIMATIC S7-1500 Software Controller CPU 1508S T V3SIMATIC S7-1500 CPU 1516pro F-2 PNSIMATIC S7-1500 Software Controller Linux V3SIMATIC S7-1500 CPU 1516T-3 PN/DPSIMATIC S7-1500 CPU 1517T-3 PNSIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PNSIMATIC S7-1500 CPU 1518TF-4 PN/DPSIMATIC Drive Controller CPU 1504D TFSIMATIC ET 200SP CPU 1512SP F-1 PNSIMATIC S7-1500 Software Controller Linux V2SIMATIC S7-1500 CPU 1517TF-3 PN/DPSIPLUS S7-1500 CPU 1511-1 PN TX RAILSIMATIC S7-1500 CPU 1517T-3 PN/DPSIPLUS ET 200SP CPU 1510SP F-1 PN RAILSIMATIC S7-1500 CPU 1516F-3 PN/DPSIMATIC S7-1500 CPU 1517F-3 PN/DPSIMATIC S7-1500 CPU 1513pro F-2 PNSIPLUS ET 200SP CPU 1510SP-1 PNSIPLUS S7-1500 CPU 1516-3 PN/DP RAILSIMATIC ET 200SP CPU 1514SPT-2 PNSIMATIC S7-1500 CPU 1516pro-2 PNSIMATIC S7-1500 Software Controller CPU 1508S F V4SIMATIC ET 200SP CPU 1510SP-1 PNSIMATIC S7-1500 Software Controller CPU 1507S V2SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)SIMATIC S7-1500 Software Controller CPU 1508S V2SIPLUS S7-1500 CPU 1511-1 PN T1 RAILSIMATIC S7-1500 CPU 1516-3 PN/DPSIMATIC Drive Controller CPU 1507D TFSIMATIC S7-1500 CPU S7-1518-4 PN/DP ODKSIMATIC S7-1500 CPU 1511TF-1 PNSIMATIC S7-1500 Software Controller CPU 1507S V4SIMATIC S7-1500 CPU 1513pro-2 PNSIMATIC S7-1500 CPU 1517TF-3 PNSIPLUS ET 200SP CPU 1512SP F-1 PN RAILSIMATIC S7-1500 Software Controller CPU 1508S F V3SIPLUS ET 200SP CPU 1510SP-1 PN RAILSIMATIC S7-1500 CPU 1513F-1 PNSIMATIC ET 200SP Open Controller CPU 1515SP PC3 V4 CPUsSIMATIC S7-1500 CPU 1513-1 PNSIMATIC S7-1500 CPU 1511-1 PNSIMATIC S7-1500 Software Controller CPU 1507S F V3SIPLUS S7-1500 CPU 1518F-4 PN/DPSIMATIC S7-1500 CPU 1518T-4 PN/DPSIMATIC S7-1500 CPU 1517-3 PNSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUsSIPLUS S7-1500 CPU 1515F-2 PNSIMATIC S7-PLCSIM AdvancedSIMATIC ET 200SP CPU 1510SP F-1 PNSIMATIC S7-1500 CPU 1515T-2 PNSIMATIC S7-1500 CPU 1515TF-2 PNSIMATIC S7-1500 CPU 1518-4 PN/DPSIPLUS S7-1500 CPU 1515F-2 PN T2 RAILSIPLUS S7-1500 CPU 1516F-3 PN/DPSIMATIC S7-1500 Software Controller CPU 1507S V3SIPLUS ET 200SP CPU 1512SP F-1 PNSIPLUS S7-1500 CPU 1515F-2 PN RAILSIPLUS S7-1500 CPU 1516-3 PN/DP TX RAILSIPLUS ET 200SP CPU 1510SP F-1 PNSIMATIC S7-1500 CPU 1511F-1 PNSIMATIC S7-1500 CPU 1515F-2 PNSIMATIC S7-1500 CPU 1518F-4 PN/DPSIMATIC ET 200SP CPU 1514SP-2 PNSIMATIC S7-1500 CPU 1518-3 PNSIMATIC S7-1500 Software Controller CPU 1508S V3SIMATIC ET 200SP CPU 1512SP-1 PNSIMATIC ET 200SP CPU 1514SP F-2 PNSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1516T-3 PNSIMATIC S7-1500 CPU 1511T-1 PNSIPLUS S7-1500 CPU 1511F-1 PNSIPLUS S7-1500 CPU 1513F-1 PNSIPLUS ET 200SP CPU 1512SP-1 PN RAILSIMATIC S7-1500 CPU 1518TF-3 PNSIMATIC S7-1500 CPU 1516TF-3 PN
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-25787
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-9.3||CRITICAL
EPSS-0.37% / 29.28%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 08:21
Updated-14 Jul, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page. If a benign user with appropriate rights accesses the "Motion Control Diagnostics" parameters page, the malicious code would be executed in the scope of their web session.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC S7-1500 Software Controller CPU 1507S F V2SIMATIC S7-1500 Software Controller CPU 1508S TF V3SIPLUS S7-1500 CPU 1518-4 PN/DPSIMATIC S7-1500 CPU 1517F-3 PNSIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODKSIPLUS ET 200SP CPU 1512SP-1 PNSIMATIC S7-1500 CPU 1512C-1 PNSIPLUS S7-1500 CPU 1511-1 PNSIMATIC ET 200SP CPU 1514SPT F-2 PNSIMATIC S7-1500 CPU 1516TF-3 PN/DPSIPLUS S7-1500 CPU 1513-1 PNSIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PNSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUsSIMATIC S7-1500 Software Controller CPU 1508S F V2SIMATIC S7-1500 CPU 1515-2 PNSIMATIC S7-1500 CPU 1518F-3 PNSIMATIC S7-1500 CPU 1518T-3 PNSIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PNSIPLUS S7-1500 CPU 1516-3 PN/DPSIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 Software Controller CPU 1507S F V4SIMATIC S7-1500 CPU 1511C-1 PNSIMATIC S7-1500 CPU 1517-3 PN/DPSIMATIC S7-1500 Software Controller CPU 1508S V4SIPLUS S7-1500 CPU 1516F-3 PN/DP RAILSIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PNSIMATIC S7-1500 Software Controller CPU 1508S T V3SIMATIC S7-1500 CPU 1516pro F-2 PNSIMATIC S7-1500 Software Controller Linux V3SIMATIC S7-1500 CPU 1516T-3 PN/DPSIMATIC S7-1500 CPU 1517T-3 PNSIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PNSIMATIC S7-1500 CPU 1518TF-4 PN/DPSIMATIC Drive Controller CPU 1504D TFSIMATIC ET 200SP CPU 1512SP F-1 PNSIMATIC S7-1500 Software Controller Linux V2SIMATIC S7-1500 CPU 1517TF-3 PN/DPSIPLUS S7-1500 CPU 1511-1 PN TX RAILSIMATIC S7-1500 CPU 1517T-3 PN/DPSIPLUS ET 200SP CPU 1510SP F-1 PN RAILSIMATIC S7-1500 CPU 1516F-3 PN/DPSIMATIC S7-1500 CPU 1517F-3 PN/DPSIMATIC S7-1500 CPU 1513pro F-2 PNSIPLUS ET 200SP CPU 1510SP-1 PNSIPLUS S7-1500 CPU 1516-3 PN/DP RAILSIMATIC ET 200SP CPU 1514SPT-2 PNSIMATIC S7-1500 CPU 1516pro-2 PNSIMATIC S7-1500 Software Controller CPU 1508S F V4SIMATIC ET 200SP CPU 1510SP-1 PNSIMATIC S7-1500 Software Controller CPU 1507S V2SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)SIMATIC S7-1500 Software Controller CPU 1508S V2SIPLUS S7-1500 CPU 1511-1 PN T1 RAILSIMATIC S7-1500 CPU 1516-3 PN/DPSIMATIC Drive Controller CPU 1507D TFSIMATIC S7-1500 CPU S7-1518-4 PN/DP ODKSIMATIC S7-1500 CPU 1511TF-1 PNSIMATIC S7-1500 Software Controller CPU 1507S V4SIMATIC S7-1500 CPU 1513pro-2 PNSIMATIC S7-1500 CPU 1517TF-3 PNSIPLUS ET 200SP CPU 1512SP F-1 PN RAILSIMATIC S7-1500 Software Controller CPU 1508S F V3SIPLUS ET 200SP CPU 1510SP-1 PN RAILSIMATIC S7-1500 CPU 1513F-1 PNSIMATIC ET 200SP Open Controller CPU 1515SP PC3 V4 CPUsSIMATIC S7-1500 CPU 1513-1 PNSIMATIC S7-1500 CPU 1511-1 PNSIMATIC S7-1500 Software Controller CPU 1507S F V3SIPLUS S7-1500 CPU 1518F-4 PN/DPSIMATIC S7-1500 CPU 1518T-4 PN/DPSIMATIC S7-1500 CPU 1517-3 PNSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUsSIPLUS S7-1500 CPU 1515F-2 PNSIMATIC S7-PLCSIM AdvancedSIMATIC ET 200SP CPU 1510SP F-1 PNSIMATIC S7-1500 CPU 1515T-2 PNSIMATIC S7-1500 CPU 1515TF-2 PNSIMATIC S7-1500 CPU 1518-4 PN/DPSIPLUS S7-1500 CPU 1515F-2 PN T2 RAILSIPLUS S7-1500 CPU 1516F-3 PN/DPSIMATIC S7-1500 Software Controller CPU 1507S V3SIPLUS ET 200SP CPU 1512SP F-1 PNSIPLUS S7-1500 CPU 1515F-2 PN RAILSIPLUS S7-1500 CPU 1516-3 PN/DP TX RAILSIPLUS ET 200SP CPU 1510SP F-1 PNSIMATIC S7-1500 CPU 1511F-1 PNSIMATIC S7-1500 CPU 1515F-2 PNSIMATIC S7-1500 CPU 1518F-4 PN/DPSIMATIC ET 200SP CPU 1514SP-2 PNSIMATIC S7-1500 CPU 1518-3 PNSIMATIC S7-1500 Software Controller CPU 1508S V3SIMATIC ET 200SP CPU 1512SP-1 PNSIMATIC ET 200SP CPU 1514SP F-2 PNSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1516T-3 PNSIMATIC S7-1500 CPU 1511T-1 PNSIPLUS S7-1500 CPU 1511F-1 PNSIPLUS S7-1500 CPU 1513F-1 PNSIPLUS ET 200SP CPU 1512SP-1 PN RAILSIMATIC S7-1500 CPU 1518TF-3 PNSIMATIC S7-1500 CPU 1516TF-3 PN
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-25786
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-9.3||CRITICAL
EPSS-0.37% / 29.28%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 08:20
Updated-14 Jul, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected devices do not properly validate and sanitize PLC/station name rendered on the "communication" parameters page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page. If a benign user with appropriate rights accesses the "communication" parameters page, the malicious code would be executed in the scope of their web session.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC S7-1500 Software Controller CPU 1507S F V2SIMATIC S7-1500 Software Controller CPU 1508S TF V3SIPLUS S7-1500 CPU 1518-4 PN/DPSIMATIC S7-1500 CPU 1517F-3 PNSIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODKSIPLUS ET 200SP CPU 1512SP-1 PNSIMATIC S7-1500 CPU 1512C-1 PNSIPLUS S7-1500 CPU 1511-1 PNSIMATIC ET 200SP CPU 1514SPT F-2 PNSIMATIC S7-1500 CPU 1516TF-3 PN/DPSIPLUS S7-1500 CPU 1513-1 PNSIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PNSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUsSIMATIC S7-1500 Software Controller CPU 1508S F V2SIMATIC S7-1500 CPU 1515-2 PNSIMATIC S7-1500 CPU 1518F-3 PNSIMATIC S7-1500 CPU 1518T-3 PNSIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PNSIPLUS S7-1500 CPU 1516-3 PN/DPSIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 Software Controller CPU 1507S F V4SIMATIC S7-1500 CPU 1511C-1 PNSIMATIC S7-1500 CPU 1517-3 PN/DPSIMATIC S7-1500 Software Controller CPU 1508S V4SIPLUS S7-1500 CPU 1516F-3 PN/DP RAILSIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PNSIMATIC S7-1500 Software Controller CPU 1508S T V3SIMATIC S7-1500 CPU 1516pro F-2 PNSIMATIC S7-1500 Software Controller Linux V3SIMATIC S7-1500 CPU 1516T-3 PN/DPSIMATIC S7-1500 CPU 1517T-3 PNSIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PNSIMATIC S7-1500 CPU 1518TF-4 PN/DPSIMATIC Drive Controller CPU 1504D TFSIMATIC ET 200SP CPU 1512SP F-1 PNSIMATIC S7-1500 Software Controller Linux V2SIMATIC S7-1500 CPU 1517TF-3 PN/DPSIPLUS S7-1500 CPU 1511-1 PN TX RAILSIMATIC S7-1500 CPU 1517T-3 PN/DPSIPLUS ET 200SP CPU 1510SP F-1 PN RAILSIMATIC S7-1500 CPU 1516F-3 PN/DPSIMATIC S7-1500 CPU 1517F-3 PN/DPSIMATIC S7-1500 CPU 1513pro F-2 PNSIPLUS ET 200SP CPU 1510SP-1 PNSIPLUS S7-1500 CPU 1516-3 PN/DP RAILSIMATIC ET 200SP CPU 1514SPT-2 PNSIMATIC S7-1500 CPU 1516pro-2 PNSIMATIC S7-1500 Software Controller CPU 1508S F V4SIMATIC ET 200SP CPU 1510SP-1 PNSIMATIC S7-1500 Software Controller CPU 1507S V2SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)SIMATIC S7-1500 Software Controller CPU 1508S V2SIPLUS S7-1500 CPU 1511-1 PN T1 RAILSIMATIC S7-1500 CPU 1516-3 PN/DPSIMATIC Drive Controller CPU 1507D TFSIMATIC S7-1500 CPU S7-1518-4 PN/DP ODKSIMATIC S7-1500 CPU 1511TF-1 PNSIMATIC S7-1500 Software Controller CPU 1507S V4SIMATIC S7-1500 CPU 1513pro-2 PNSIMATIC S7-1500 CPU 1517TF-3 PNSIPLUS ET 200SP CPU 1512SP F-1 PN RAILSIMATIC S7-1500 Software Controller CPU 1508S F V3SIPLUS ET 200SP CPU 1510SP-1 PN RAILSIMATIC S7-1500 CPU 1513F-1 PNSIMATIC ET 200SP Open Controller CPU 1515SP PC3 V4 CPUsSIMATIC S7-1500 CPU 1513-1 PNSIMATIC S7-1500 CPU 1511-1 PNSIMATIC S7-1500 Software Controller CPU 1507S F V3SIPLUS S7-1500 CPU 1518F-4 PN/DPSIMATIC S7-1500 CPU 1518T-4 PN/DPSIMATIC S7-1500 CPU 1517-3 PNSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUsSIPLUS S7-1500 CPU 1515F-2 PNSIMATIC S7-PLCSIM AdvancedSIMATIC ET 200SP CPU 1510SP F-1 PNSIMATIC S7-1500 CPU 1515T-2 PNSIMATIC S7-1500 CPU 1515TF-2 PNSIMATIC S7-1500 CPU 1518-4 PN/DPSIPLUS S7-1500 CPU 1515F-2 PN T2 RAILSIPLUS S7-1500 CPU 1516F-3 PN/DPSIMATIC S7-1500 Software Controller CPU 1507S V3SIPLUS ET 200SP CPU 1512SP F-1 PNSIPLUS S7-1500 CPU 1515F-2 PN RAILSIPLUS S7-1500 CPU 1516-3 PN/DP TX RAILSIPLUS ET 200SP CPU 1510SP F-1 PNSIMATIC S7-1500 CPU 1511F-1 PNSIMATIC S7-1500 CPU 1515F-2 PNSIMATIC S7-1500 CPU 1518F-4 PN/DPSIMATIC ET 200SP CPU 1514SP-2 PNSIMATIC S7-1500 CPU 1518-3 PNSIMATIC S7-1500 Software Controller CPU 1508S V3SIMATIC ET 200SP CPU 1512SP-1 PNSIMATIC ET 200SP CPU 1514SP F-2 PNSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1516T-3 PNSIMATIC S7-1500 CPU 1511T-1 PNSIPLUS S7-1500 CPU 1511F-1 PNSIPLUS S7-1500 CPU 1513F-1 PNSIPLUS ET 200SP CPU 1512SP-1 PN RAILSIMATIC S7-1500 CPU 1518TF-3 PNSIMATIC S7-1500 CPU 1516TF-3 PN
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-22925
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.32% / 24.52%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 08:20
Updated-29 Jun, 2026 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application is susceptible to resource exhaustion when subjected to high volume of TCP SYN packets This could allow an attacker to render the service unavailable and cause denial-of-service conditions by overwhelming system resources.

Action-Not Available
Vendor-Siemens AG
Product-simatic_cn_4100simatic_cn_4100_firmwareSIMATIC CN 4100
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-22924
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-0.30% / 21.89%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 08:20
Updated-29 Jun, 2026 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application does not properly restrict unauthenticated connections and is susceptible to resource exhaustion conditions. This could allow an attacker to disrupt normal operations or perform unauthorized actions, potentially impacting system availability and integrity.

Action-Not Available
Vendor-Siemens AG
Product-simatic_cn_4100simatic_cn_4100_firmwareSIMATIC CN 4100
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-40949
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.9||HIGH
EPSS-0.67% / 48.06%
||
7 Day CHG+0.13%
Published-12 May, 2026 | 08:20
Updated-29 Jun, 2026 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM ROX RX1501 (All versions < V2.17.1), RUGGEDCOM ROX RX1510 (All versions < V2.17.1), RUGGEDCOM ROX RX1511 (All versions < V2.17.1), RUGGEDCOM ROX RX1512 (All versions < V2.17.1), RUGGEDCOM ROX RX1524 (All versions < V2.17.1), RUGGEDCOM ROX RX1536 (All versions < V2.17.1), RUGGEDCOM ROX RX5000 (All versions < V2.17.1). Affected devices do not properly sanitize user-supplied input in the Scheduler functionality of the Web UI, allowing commands to be injected into the task scheduling backend. This could allow an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system.

Action-Not Available
Vendor-Siemens AG
Product-ruggedcom_rox_mx5000re_firmwareruggedcom_rox_rx1500_firmwareruggedcom_rox_rx1400_firmwareruggedcom_rox_rx1512ruggedcom_rox_rx5000_firmwareruggedcom_rox_mx5000ruggedcom_rox_rx1511_firmwareruggedcom_rox_rx1512_firmwareruggedcom_rox_rx1524_firmwareruggedcom_rox_rx1510ruggedcom_rox_rx5000ruggedcom_rox_rx1511ruggedcom_rox_rx1501_firmwareruggedcom_rox_rx1536ruggedcom_rox_rx1501ruggedcom_rox_rx1400ruggedcom_rox_rx1510_firmwareruggedcom_rox_mx5000reruggedcom_rox_mx5000_firmwareruggedcom_rox_rx1536_firmwareruggedcom_rox_rx1500ruggedcom_rox_rx1524RUGGEDCOM ROX MX5000RUGGEDCOM ROX RX1400RUGGEDCOM ROX RX1524RUGGEDCOM ROX RX1500RUGGEDCOM ROX RX1512RUGGEDCOM ROX RX1501RUGGEDCOM ROX MX5000RERUGGEDCOM ROX RX5000RUGGEDCOM ROX RX1510RUGGEDCOM ROX RX1536RUGGEDCOM ROX RX1511
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-40948
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-6.1||MEDIUM
EPSS-0.29% / 20.55%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 08:20
Updated-29 Jun, 2026 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM ROX RX1501 (All versions < V2.17.1), RUGGEDCOM ROX RX1510 (All versions < V2.17.1), RUGGEDCOM ROX RX1511 (All versions < V2.17.1), RUGGEDCOM ROX RX1512 (All versions < V2.17.1), RUGGEDCOM ROX RX1524 (All versions < V2.17.1), RUGGEDCOM ROX RX1536 (All versions < V2.17.1), RUGGEDCOM ROX RX5000 (All versions < V2.17.1). Affected devices do not properly validate input in the web server's JSON-RPC interface. This could allow an authenticated remote attacker to read arbitrary files from the underlying operating system's filesystem with root privileges.

Action-Not Available
Vendor-Siemens AG
Product-ruggedcom_rox_mx5000re_firmwareruggedcom_rox_rx1500_firmwareruggedcom_rox_rx1400_firmwareruggedcom_rox_rx1512ruggedcom_rox_rx5000_firmwareruggedcom_rox_mx5000ruggedcom_rox_rx1511_firmwareruggedcom_rox_rx1512_firmwareruggedcom_rox_rx1524_firmwareruggedcom_rox_rx1510ruggedcom_rox_rx5000ruggedcom_rox_rx1511ruggedcom_rox_rx1501_firmwareruggedcom_rox_rx1536ruggedcom_rox_rx1501ruggedcom_rox_rx1400ruggedcom_rox_rx1510_firmwareruggedcom_rox_mx5000reruggedcom_rox_mx5000_firmwareruggedcom_rox_rx1536_firmwareruggedcom_rox_rx1500ruggedcom_rox_rx1524RUGGEDCOM ROX MX5000RUGGEDCOM ROX RX1400RUGGEDCOM ROX RX1524RUGGEDCOM ROX RX1500RUGGEDCOM ROX RX1512RUGGEDCOM ROX RX1501RUGGEDCOM ROX MX5000RERUGGEDCOM ROX RX5000RUGGEDCOM ROX RX1510RUGGEDCOM ROX RX1536RUGGEDCOM ROX RX1511
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2025-40947
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-7.7||HIGH
EPSS-0.44% / 35.83%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 08:20
Updated-29 Jun, 2026 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM ROX RX1501 (All versions < V2.17.1), RUGGEDCOM ROX RX1510 (All versions < V2.17.1), RUGGEDCOM ROX RX1511 (All versions < V2.17.1), RUGGEDCOM ROX RX1512 (All versions < V2.17.1), RUGGEDCOM ROX RX1524 (All versions < V2.17.1), RUGGEDCOM ROX RX1536 (All versions < V2.17.1), RUGGEDCOM ROX RX5000 (All versions < V2.17.1). Affected devices do not properly sanitize user-supplied input during the feature key installation process. This could allow an authenticated remote attacker to inject arbitrary commands, resulting in remote code execution with root privileges on the underlying operating system.

Action-Not Available
Vendor-Siemens AG
Product-ruggedcom_rox_mx5000re_firmwareruggedcom_rox_rx1500_firmwareruggedcom_rox_rx1400_firmwareruggedcom_rox_rx1512ruggedcom_rox_rx5000_firmwareruggedcom_rox_mx5000ruggedcom_rox_rx1511_firmwareruggedcom_rox_rx1512_firmwareruggedcom_rox_rx1524_firmwareruggedcom_rox_rx1510ruggedcom_rox_rx5000ruggedcom_rox_rx1511ruggedcom_rox_rx1501_firmwareruggedcom_rox_rx1536ruggedcom_rox_rx1501ruggedcom_rox_rx1400ruggedcom_rox_rx1510_firmwareruggedcom_rox_mx5000reruggedcom_rox_mx5000_firmwareruggedcom_rox_rx1536_firmwareruggedcom_rox_rx1500ruggedcom_rox_rx1524RUGGEDCOM ROX MX5000RUGGEDCOM ROX RX1400RUGGEDCOM ROX RX1524RUGGEDCOM ROX RX1500RUGGEDCOM ROX RX1512RUGGEDCOM ROX RX1501RUGGEDCOM ROX MX5000RERUGGEDCOM ROX RX5000RUGGEDCOM ROX RX1510RUGGEDCOM ROX RX1536RUGGEDCOM ROX RX1511
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-40946
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-7.2||HIGH
EPSS-0.19% / 8.39%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 08:20
Updated-29 May, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 105 TL3 (All versions), blueplanet 105 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 110 TL3 (All versions), blueplanet 125 NX3 M10 (All versions), blueplanet 125 TL3 (All versions), blueplanet 125 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 137 TL3 (All versions), blueplanet 150 TL3 (All versions), blueplanet 150 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 155 TL3 (All versions), blueplanet 155 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 165 TL3 (All versions), blueplanet 165 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 25.0 NX3-33.0 NX3 (All versions), blueplanet 3.0 NX3-20.0 NX3 (All versions), blueplanet 3.0 TL3-60.0 TL3 (All versions), blueplanet 3.0-5.0 NX1 (All versions), blueplanet 360 NX3 M6 (All versions), blueplanet 50.0 NX3-60.0 NX3 (All versions), blueplanet 87.0 TL3 (All versions), blueplanet 87.0 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 92.0 TL3 (All versions), blueplanet 92.0 TL3 GEN2 (All versions < V6.1.4.9), blueplanet gridsave 110 TL3-S (All versions < V3.91), blueplanet gridsave 137 TL3-S (All versions < V3.91), blueplanet gridsave 92.0 TL3-S (All versions < V3.91), blueplanet hybrid 10.0 TL3 (All versions), blueplanet hybrid 6.0 NH3-12.0 NH3 (All versions). A CRC16-based algorithm for generating Technical Service credentials could allow an attacker to derive the credentials from the devices serial number and misuse them to gain unauthorized access.

Action-Not Available
Vendor-Siemens AG
Product-blueplanet 105 TL3 GEN2blueplanet gridsave 92.0 TL3-Sblueplanet 165 TL3 GEN2blueplanet 165 TL3blueplanet 137 TL3blueplanet 3.0-5.0 NX1blueplanet 3.0 TL3-60.0 TL3blueplanet 3.0 NX3-20.0 NX3blueplanet 150 TL3blueplanet 87.0 TL3 GEN2blueplanet 92.0 TL3 GEN2blueplanet 87.0 TL3blueplanet 155 TL3blueplanet 150 TL3 GEN2blueplanet 360 NX3 M6blueplanet gridsave 137 TL3-Sblueplanet hybrid 10.0 TL3blueplanet 100 NX3 M8blueplanet 110 TL3blueplanet 105 TL3blueplanet hybrid 6.0 NH3-12.0 NH3blueplanet 92.0 TL3blueplanet gridsave 110 TL3-Sblueplanet 125 TL3blueplanet 125 TL3 GEN2blueplanet 155 TL3 GEN2blueplanet 100 TL3 GEN2blueplanet 25.0 NX3-33.0 NX3blueplanet 50.0 NX3-60.0 NX3blueplanet 125 NX3 M10
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CVE-2025-40833
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.32% / 24.52%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 08:20
Updated-14 Jul, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The affected devices contain a null pointer dereference vulnerability while processing specially crafted IPv4 requests. This could allow an attacker to cause denial of service condition. A manual restart is required to recover the system.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC S7-400 CPU 416-3 PN/DP V7SCALANCE MUM856-1 (EU)SCALANCE XR524-8C, 1x230VSCALANCE W1788-1 M12SCALANCE X308-2LHSCALANCE M816-1 ADSL-RouterSCALANCE WAM766-1SCALANCE WUB762-1SCALANCE S615 LAN-RouterSIMATIC CFU DIQSCALANCE WAM766-1 EECSCALANCE M812-1 ADSL-RouterSCALANCE W774-1 RJ45SCALANCE X206-1SCALANCE X302-7 EEC (24V, coated)SIMATIC S7-400 CPU 412-2 PN V7SCALANCE MUM856-1 (A1)SCALANCE W721-1 RJ45SCALANCE XR528-6M (2HR2)SIPLUS S7-400 CPU 414-3 PN/DP V7SCALANCE MUB852-1 (B1)SCALANCE X204-2FMSCALANCE X204-2TSSCALANCE X310SCALANCE XR324-4M EEC (2x 24V, ports on rear)SCALANCE XR552-12M (2HR2)SCALANCE SC642-2CSCALANCE XM408-8C (L3 int.)SCALANCE X307-2 EEC (230V)SITOP PSU8600 3AC 40 A PNSIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)SCALANCE W1788-2 M12SCALANCE WAM766-1 (ME)SCALANCE M826-2 SHDSL-RouterSCALANCE W786-1 RJ45SCALANCE W786-2 RJ45SINAMICS G120CSCALANCE MUM853-1 (B1)SCALANCE X304-2FESCALANCE X307-2 EEC (24V)SITOP UPS1600 10 A Ethernet/ PROFINETSIMATIC S7-300 CPU 317-2 PN/DPSCALANCE WAM766-1 EEC (ME)SCALANCE X307-3LDSIMATIC ET 200pro IM 154-8 PN/DP CPUSCALANCE X408-2SCALANCE W788-2 M12 EECSCALANCE W761-1 RJ45SCALANCE X212-2SCALANCE W1748-1 M12SCALANCE W774-1 M12 EECSCALANCE W738-1 M12SCALANCE MUM856-1 (RoW)SCALANCE XR526-8C, 1x230VSCALANCE X308-2MSIPLUS S7-300 CPU 317F-2 PN/DPSCALANCE X206-1LDSCALANCE W722-1 RJ45SIMATIC ET 200SP CPU 1510SP-1 PNSIPLUS S7-300 CPU 314C-2 PN/DPIE/PB link PN IOSINAMICS G120XSCALANCE XR324-4M PoE (230V, ports on rear)SIPLUS S7-400 CPU 416-3 PN/DP V7SCALANCE X307-2 EEC (2x 230V, coated)SIPLUS S7-300 CPU 315F-2 PN/DPSCALANCE X302-7 EEC (24V)SCALANCE X308-2M TSSCALANCE MUM856-1 (B1)SCALANCE XR324-4M PoE (24V, ports on rear)SCALANCE SC622-2CSCALANCE X320-1-2LD FESCALANCE X302-7 EEC (230V)SITOP PSU8600 3AC 20 A/4x5 A PNSCALANCE X302-7 EEC (2x 24V)SIPLUS ET 200S IM 151-8F PN/DP CPUSCALANCE MUM853-1 (EU)SCALANCE W786-2 SFPSCALANCE X208PROSCALANCE X224SCALANCE XR528-6MSIMATIC S7-1500 CPU 1511-1 PNSCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)SCALANCE XR324-12M TS (24V)SCALANCE X307-2 EEC (2x 24V)SCALANCE X307-2 EEC (2x 24V, coated)SCALANCE W774-1 RJ45 (USA)SCALANCE XF204SCALANCE XR324-12M (230V, ports on front)SIPLUS ET 200S IM 151-8 PN/DP CPUSCALANCE X307-2 EEC (2x 230V)SCALANCE XR526-8C, 2x230VSITOP PSU8600 3AC 40 A/4x10A EIPSCALANCE X310FESCALANCE XR524-8C, 2x230V (L3 int.)SIMATIC ET 200pro IM 154-8F PN/DP CPUSIMATIC S7-300 CPU 314C-2 PN/DPSIMATIC ET 200SP CPU 1510SP F-1 PNSINAMICS G120DSCALANCE XR528-6M (2HR2, L3 int.)SCALANCE X302-7 EEC (2x 230V, coated)SCALANCE XR324-4M EEC (2x 24V, ports on front)SCALANCE WUM766-1 (ME)SIMATIC S7-1500 CPU 1511F-1 PNSCALANCE X204-2LDSCALANCE M876-3SCALANCE WUM763-1 (US)SCALANCE XM416-4CSCALANCE SC646-2CSINAMICS G150SCALANCE WUM766-1 (USA)SIMATIC S7-300 CPU 319F-3 PN/DPSCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants)SIMATIC S7-300 CPU 315F-2 PN/DPSIMIT UNIT V10SCALANCE X308-2LDSCALANCE X308-2SCALANCE XR528-6M (L3 int.)SCALANCE W734-1 RJ45SINAMICS G120XASCALANCE M876-4 (NAM)SCALANCE M874-3 3G-Router (CN)SCALANCE X308-2 RD (inkl. SIPLUS variants)SIMATIC S7-300 CPU 319-3 PN/DPSCALANCE XF206-1SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)SIMATIC S7-1500 CPU 1515-2 PNSCALANCE SC626-2CSINAMICS CBE20SCALANCE W788-2 RJ45SCALANCE W778-1 M12 EEC (USA)SCALANCE XR526-8C, 24VSIMATIC ET 200SP HA IM155-6 PNSCALANCE M876-3 (ROK)SCALANCE W788-2 M12SCALANCE SC632-2CSCALANCE XR524-8C, 1x230V (L3 int.)SCALANCE M804PBSIMIT UNIT V11SIMATIC S7-400 CPU 414F-3 PN/DP V7SCALANCE W734-1 RJ45 (USA)SCALANCE MUM856-1 (CN)SCALANCE WUM763-1SCALANCE X302-7 EEC (2x 24V, coated)SCALANCE X306-1LD FERUGGEDCOM RM1224 LTE(4G) EUSCALANCE XR524-8C, 2x230VSCALANCE X308-2LH+SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)SCALANCE XR324-12M (230V, ports on rear)SCALANCE XF208SIMATIC S7-300 CPU 317T-3 PN/DPSINAMICS S150SCALANCE XM416-4C (L3 int.)SCALANCE X307-2 EEC (24V, coated)SCALANCE XR324-4M EEC (24V, ports on rear)SCALANCE M876-4SCALANCE X302-7 EEC (2x 230V)SIMATIC S7-300 CPU 317TF-3 PN/DPSITOP PSU8600 3AC 20 A PNSCALANCE W788-1 RJ45SCALANCE XR324-4M EEC (24V, ports on front)SCALANCE X308-2M PoESCALANCE XR526-8C, 1x230V (L3 int.)SCALANCE X302-7 EEC (230V, coated)SCALANCE XF204-2SIMATIC ET 200SP CPU 1512SP F-1 PNSIMATIC S7-300 CPU 315T-3 PN/DPSCALANCE WAM763-1 (US)SCALANCE S615 EEC LAN-RouterSIMATIC S7-1500 CPU 1516F-3 PN/DPSCALANCE W788-1 M12SCALANCE WAM766-1 EEC (US)SCALANCE X307-3SCALANCE XR526-8C, 24V (L3 int.)SCALANCE XR324-4M PoE TS (24V, ports on front)SCALANCE WAM766-1 (US)SCALANCE W748-1 RJ45SCALANCE XR324-4M PoE (230V, ports on front)SIMATIC CFU PASCALANCE M874-3SIMATIC ET 200pro IM 154-8FX PN/DP CPUSCALANCE W1788-2 EEC M12SIMATIC S7-400 CPU 416F-3 PN/DP V7SCALANCE MUB852-1 (A1)SCALANCE WAM763-1SIMATIC S7-300 CPU 315-2 PN/DPSCALANCE XM408-4C (L3 int.)SCALANCE XR324-12M (24V, ports on front)SIMATIC ET 200S IM 151-8F PN/DP CPUSCALANCE X208SINAMICS S120 (incl. SIPLUS variants)SITOP UPS1600 20 A Ethernet/ PROFINETSCALANCE WUM766-1SCALANCE XM408-8CSIMATIC S7-1500 CPU 1516-3 PN/DPSCALANCE M876-4 (EU)SCALANCE WUB762-1 iFeaturesSCALANCE X216IE/PB LINK HASCALANCE XR524-8C, 24V (L3 int.)SITOP PSU8600 3AC 40 A/4x10 A PNSCALANCE WAM763-1 (ME)SIMATIC S7-300 CPU 317F-2 PN/DPSCALANCE X212-2LDSCALANCE XR324-12M (24V, ports on rear)SIMATIC S7-1500 CPU 1513-1 PNSITOP UPS1600 EX 20 A Ethernet PROFINETSCALANCE W778-1 M12 EECSINAMICS S110SCALANCE XR524-8C, 24VSINAMICS G130SCALANCE W1788-2IA M12SCALANCE W786-2IA RJ45SITOP UPS1600 40 A Ethernet/ PROFINETSCALANCE X204-2LD TSSCALANCE WAB762-1SIMATIC ET 200S IM 151-8 PN/DP CPUSCALANCE MUM853-1 (A1)SCALANCE XR552-12MSINAMICS G115DSCALANCE X204-2SCALANCE XM408-4CSINUMERIK 840D slRUGGEDCOM RM1224 LTE(4G) NAMSCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)SCALANCE M874-2SIPLUS NET IE/PB link PN IOSCALANCE X307-2 EEC (230V, coated)SCALANCE X320-1 FESCALANCE SC636-2CSINAMICS G120 (incl. SIPLUS variants)SIPLUS S7-300 CPU 317-2 PN/DPSIMATIC S7-400 CPU 414-3 PN/DP V7SCALANCE W778-1 M12SIMATIC S7-1500 CPU 1515F-2 PNSCALANCE XR324-4M PoE (24V, ports on front)SIMATIC ET 200SP CPU 1512SP-1 PNSCALANCE XR526-8C, 2x230V (L3 int.)SIPLUS S7-300 CPU 315-2 PN/DPSITOP PSU8600 1AC 20 A/4x5 A PNSCALANCE W748-1 M12SCALANCE XR552-12M (2HR2, L3 int.)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-54017
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-6.9||MEDIUM
EPSS-0.31% / 22.58%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 08:20
Updated-13 May, 2026 | 09:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V11.0), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SA82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SA82 (CP150) (All versions < V11.0), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SD82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SD82 (CP150) (All versions < V11.0), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SJ81 (CP100) (All versions >= V7.80), SIPROTEC 5 7SJ81 (CP150) (All versions < V11.0), SIPROTEC 5 7SJ82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SJ82 (CP150) (All versions < V11.0), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SK82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SK82 (CP150) (All versions < V11.0), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SL82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SL82 (CP150) (All versions < V11.0), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7ST86 (CP300) (All versions < V11.0), SIPROTEC 5 7SX82 (CP150) (All versions < V11.0), SIPROTEC 5 7SX85 (CP300) (All versions < V11.0), SIPROTEC 5 7SY82 (CP150) (All versions < V11.0), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7UT82 (CP100) (All versions >= V7.80), SIPROTEC 5 7UT82 (CP150) (All versions < V11.0), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7VU85 (CP300) (All versions < V11.0), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V11.0). Affected devices do not use sufficiently random values to create session identifiers. This could allow an unauthenticated remote attacker to brute force a session identifier and gain read access to limited information from the web server without authorization.

Action-Not Available
Vendor-Siemens AG
Product-SIPROTEC 5 7SD82 (CP150)SIPROTEC 5 7SJ81 (CP150)SIPROTEC 5 7SK82 (CP150)SIPROTEC 5 7SA82 (CP100)SIPROTEC 5 7KE85 (CP200)SIPROTEC 5 7SD86 (CP300)SIPROTEC 5 7SL82 (CP100)SIPROTEC 5 7UT82 (CP150)SIPROTEC 5 7SD82 (CP100)SIPROTEC 5 7SL87 (CP200)SIPROTEC 5 7SA87 (CP200)SIPROTEC 5 7KE85 (CP300)SIPROTEC 5 6MD85 (CP200)SIPROTEC 5 7SJ82 (CP100)SIPROTEC 5 6MD84 (CP300)SIPROTEC 5 7SL87 (CP300)SIPROTEC 5 Compact 7SX800 (CP050)SIPROTEC 5 7SL86 (CP200)SIPROTEC 5 7SJ81 (CP100)SIPROTEC 5 7UM85 (CP300)SIPROTEC 5 7UT87 (CP300)SIPROTEC 5 7SD84 (CP200)SIPROTEC 5 7SD86 (CP200)SIPROTEC 5 7SD87 (CP300)SIPROTEC 5 7SX85 (CP300)SIPROTEC 5 6MD85 (CP300)SIPROTEC 5 7SA86 (CP300)SIPROTEC 5 7UT85 (CP200)SIPROTEC 5 7SJ82 (CP150)SIPROTEC 5 7SK85 (CP200)SIPROTEC 5 7SJ85 (CP300)SIPROTEC 5 7SL82 (CP150)SIPROTEC 5 6MD86 (CP300)SIPROTEC 5 7SS85 (CP200)SIPROTEC 5 7SL86 (CP300)SIPROTEC 5 7SJ85 (CP200)SIPROTEC 5 7SX82 (CP150)SIPROTEC 5 7SJ86 (CP200)SIPROTEC 5 7SY82 (CP150)SIPROTEC 5 7VE85 (CP300)SIPROTEC 5 6MD86 (CP200)SIPROTEC 5 7SK85 (CP300)SIPROTEC 5 7SS85 (CP300)SIPROTEC 5 7SK82 (CP100)SIPROTEC 5 7VK87 (CP200)SIPROTEC 5 7SA84 (CP200)SIPROTEC 5 7SA82 (CP150)SIPROTEC 5 7ST86 (CP300)SIPROTEC 5 7UT82 (CP100)SIPROTEC 5 7SA86 (CP200)SIPROTEC 5 7ST85 (CP300)SIPROTEC 5 6MD89 (CP300)SIPROTEC 5 7ST85 (CP200)SIPROTEC 5 7UT86 (CP300)SIPROTEC 5 7VU85 (CP300)SIPROTEC 5 7UT86 (CP200)SIPROTEC 5 7VK87 (CP300)SIPROTEC 5 7SJ86 (CP300)SIPROTEC 5 7SA87 (CP300)SIPROTEC 5 7UT87 (CP200)SIPROTEC 5 6MU85 (CP300)SIPROTEC 5 7SD87 (CP200)SIPROTEC 5 7UT85 (CP300)
CWE ID-CWE-334
Small Space of Random Values
CVE-2026-33892
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-5.1||MEDIUM
EPSS-0.21% / 11.09%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 08:40
Updated-14 Apr, 2026 | 13:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions >= V1.7.6 < V1.15.17), Industrial Edge Management Pro V2 (All versions >= V2.0.0 < V2.1.1), Industrial Edge Management Virtual (All versions >= V2.2.0 < V2.8.0). Affected management systems do not properly enforce user authentication on remote connections to devices. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that the attacker has identified the header and port used for remote connections to devices and that the remote connection feature is enabled for the device. Exploitation allows the attacker to tunnel to the device. Security features on this device itself (e.g. app specific authentication) are not affected.

Action-Not Available
Vendor-Siemens AG
Product-Industrial Edge Management VirtualIndustrial Edge Management Pro V1Industrial Edge Management Pro V2
CWE ID-CWE-305
Authentication Bypass by Primary Weakness
CVE-2026-27668
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.26% / 17.34%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 08:40
Updated-17 Apr, 2026 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) (All versions < V5.8). User Administrators are allowed to administer groups they belong to. This could allow an authenticated User Administrator to escalate their own privileges and grant themselves access to any device group at any access level.

Action-Not Available
Vendor-Siemens AG
Product-RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P)
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2026-25654
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.45% / 36.60%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 08:40
Updated-17 Apr, 2026 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the ability to reset the password of any arbitrary user account.

Action-Not Available
Vendor-Siemens AG
Product-SINEC NMS
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-24032
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-6.9||MEDIUM
EPSS-0.25% / 16.41%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 08:40
Updated-17 Apr, 2026 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3 with UMC). The affected application contains an authentication weakness due to insufficient validation of user identity in the UMC component. This could allow an unauthenticated remote attacker to bypass authentication and gain unauthorized access to the application. (ZDI-CAN-27564)

Action-Not Available
Vendor-Siemens AG
Product-SINEC NMS
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2025-40745
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-6.3||MEDIUM
EPSS-0.14% / 3.52%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 08:40
Updated-29 Jun, 2026 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (All versions < V2602), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge SE2026 (All versions < V226.0 Update 04), Tecnomatix Plant Simulation (All versions < V2504.0008). Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks.

Action-Not Available
Vendor-Siemens AG
Product-software_centersimcenter_femapsimcenter_star-ccm\+_viewersolid_edge_se2026tecnomatix_plant_simulationsolid_edge_se2025simcenter_3dSolid Edge SE2025Simcenter 3DSiemens Software CenterSimcenter FemapSimcenter STAR-CCM+Tecnomatix Plant SimulationSolid Edge SE2026
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-27664
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.36% / 28.05%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 14:03
Updated-14 Apr, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), SICORE Base system (All versions < V26.10.0). The affected application contains an out-of-bounds write vulnerability while parsing specially crafted XML inputs. This could allow an unauthenticated attacker to exploit this issue by sending a malicious XML request, which may cause the service to crash, resulting in a denial-of-service condition.

Action-Not Available
Vendor-Siemens AG
Product-SICORE Base systemCPCI85 Central Processing/Communication
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-27663
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-7.1||HIGH
EPSS-0.27% / 18.70%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 14:03
Updated-14 Apr, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), RTUM85 RTU Base (All versions < V26.10). The affected application contains denial-of-service (DoS) vulnerability. The remote operation mode is susceptible to a resource exhaustion condition when subjected to a high volume of requests. Sending multiple requests can exhaust resources, preventing parameterization and requiring a reset or reboot to restore functionality.

Action-Not Available
Vendor-Siemens AG
Product-CPCI85 Central Processing/CommunicationRTUM85 RTU Base
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-27661
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 17.35%
||
7 Day CHG~0.00%
Published-10 Mar, 2026 | 16:07
Updated-17 Mar, 2026 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application leaks confidential information in metadata, and files such as information on contributors and email address, on `SSM Server`.

Action-Not Available
Vendor-Siemens AG
Product-sinec_security_monitorSINEC Security Monitor
CWE ID-CWE-1230
Exposure of Sensitive Information Through Metadata
CVE-2026-25605
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 2.45%
||
7 Day CHG~0.00%
Published-10 Mar, 2026 | 16:07
Updated-12 Mar, 2026 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected application performs file deletion without properly validating the file path or target. An attacker could delete files or sockets that the affected process has permission to remove, potentially resulting in denial of service or service disruption.

Action-Not Available
Vendor-Siemens AG
Product-sicam_siapp_sdkSICAM SIAPP SDK
CWE ID-CWE-73
External Control of File Name or Path
CVE-2026-25573
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.6||HIGH
EPSS-0.39% / 31.37%
||
7 Day CHG~0.00%
Published-10 Mar, 2026 | 16:07
Updated-12 Mar, 2026 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected application builds shell commands with caller-provided strings and executes them. An attacker could influence the executed command, potentially resulting in command injection and full system compromise.

Action-Not Available
Vendor-Siemens AG
Product-sicam_siapp_sdkSICAM SIAPP SDK
CWE ID-CWE-73
External Control of File Name or Path
CVE-2026-25572
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 2.07%
||
7 Day CHG~0.00%
Published-10 Mar, 2026 | 16:07
Updated-13 Mar, 2026 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK server component does not enforce maximum length checks on certain variables before use. This could allow an attacker to send an oversized input that could trigger a stack overflow crashing the process and potentially causing denial of service.

Action-Not Available
Vendor-Siemens AG
Product-sicam_siapp_sdkSICAM SIAPP SDK
CWE ID-CWE-130
Improper Handling of Length Parameter Inconsistency
CVE-2026-25571
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 0.94%
||
7 Day CHG~0.00%
Published-10 Mar, 2026 | 16:07
Updated-13 Mar, 2026 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK client component does not enforce maximum length checks on certain variables before use. This could allow an attacker to send an oversized input that could trigger a stack overflow crashing the process and potentially causing denial of service.

Action-Not Available
Vendor-Siemens AG
Product-sicam_siapp_sdkSICAM SIAPP SDK
CWE ID-CWE-130
Improper Handling of Length Parameter Inconsistency
CVE-2026-25570
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.14% / 3.95%
||
7 Day CHG~0.00%
Published-10 Mar, 2026 | 16:07
Updated-13 Mar, 2026 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK does not perform checks on input values potentially resulting in stack overflow. This could allow an attacker to perform code execution and denial of service.

Action-Not Available
Vendor-Siemens AG
Product-sicam_siapp_sdkSICAM SIAPP SDK
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-25569
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.14% / 4.02%
||
7 Day CHG~0.00%
Published-10 Mar, 2026 | 16:07
Updated-13 Mar, 2026 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). An out-of-bounds write vulnerability exists in SICAM SIAPP SDK. This could allow an attacker to write data beyond the intended buffer, potentially leading to denial of service, or arbitrary code execution.

Action-Not Available
Vendor-Siemens AG
Product-sicam_siapp_sdkSICAM SIAPP SDK
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-40943
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-9.4||CRITICAL
EPSS-0.46% / 36.91%
||
7 Day CHG~0.00%
Published-10 Mar, 2026 | 16:07
Updated-12 May, 2026 | 08:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right "Read diagnostics", to import a specially crafted trace file. The malicious trace file is insufficiently sanitized and malicious code could be executed in the clients browser session and trigger PLC operations via the webserver that the legitimate user is authorized to perform.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC S7-1500 CPU 1513F-1 PNSIPLUS ET 200SP CPU 1512SP-1 PNSIPLUS S7-1500 CPU 1515F-2 PN RAILSIMATIC S7-1500 CPU S7-1518-4 PN/DP ODKSIMATIC S7-1500 CPU 1511TF-1 PNSIMATIC S7-1500 Software Controller CPU 1507S V2SIMATIC S7-1500 CPU 1518-3 PNSIMATIC S7-1500 CPU 1518TF-4 PN/DPSIMATIC S7-1500 Software Controller CPU 1508S F V2SIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIPLUS S7-1500 CPU 1511-1 PN TX RAILSIMATIC S7-1500 CPU 1517-3 PN/DPSIMATIC S7-1500 CPU 1512C-1 PNSIMATIC S7-1500 CPU 1517F-3 PNSIMATIC S7-1500 CPU 1518T-3 PNSIPLUS ET 200SP CPU 1512SP-1 PN RAILSIMATIC S7-1500 Software Controller CPU 1508S F V4SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OSSIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSIMATIC S7-1500 Software Controller CPU 1507S V3SIMATIC S7-1500 CPU 1511-1 PNSIPLUS S7-1500 CPU 1513-1 PNSIMATIC S7-1500 CPU 1516TF-3 PNSIPLUS S7-1500 CPU 1511F-1 PNSIMATIC S7-1500 CPU 1515T-2 PNSIMATIC S7-1500 Software Controller CPU 1508S TF V3SIMATIC ET 200SP CPU 1512SP F-1 PNSIMATIC S7-1500 Software Controller CPU 1507S V4SIMATIC S7-1500 Software Controller CPU 1508S F V3SIMATIC ET 200SP CPU 1510SP-1 PNSIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)SIPLUS ET 200SP CPU 1510SP-1 PN RAILSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OSSIPLUS S7-1500 CPU 1515F-2 PN T2 RAILSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-PLCSIM AdvancedSIPLUS S7-1500 CPU 1516F-3 PN/DPSIMATIC S7-1500 CPU 1517-3 PNSIMATIC S7-1500 CPU 1513-1 PNSIMATIC ET 200SP CPU 1514SP-2 PNSIMATIC S7-1500 CPU 1517T-3 PNSIMATIC ET 200SP CPU 1514SPT-2 PNSIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PNSIPLUS ET 200SP CPU 1512SP F-1 PNSIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODKSIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PNSIMATIC S7-1500 CPU 1518TF-3 PNSIMATIC S7-1500 Software Controller CPU 1507S F V3SIMATIC ET 200SP CPU 1514SPT F-2 PNSIMATIC S7-1500 CPU 1518F-4 PN/DPSIPLUS ET 200SP CPU 1510SP F-1 PN RAILSIMATIC S7-1500 Software Controller CPU 1507S F V2SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OSSIMATIC S7-1500 CPU 1517TF-3 PN/DPSIMATIC S7-1500 CPU 1516F-3 PN/DPSIPLUS S7-1500 CPU 1511-1 PNSIMATIC S7-1500 Software Controller CPU 1508S V3SIMATIC Drive Controller CPU 1504D TFSIPLUS S7-1500 CPU 1513F-1 PNSIMATIC ET 200SP CPU 1514SP F-2 PNSIMATIC S7-1500 CPU 1516TF-3 PN/DPSIPLUS S7-1500 CPU 1516-3 PN/DP RAILSIMATIC S7-1500 CPU 1511T-1 PNSIMATIC S7-1500 Software Controller CPU 1508S T V3SIMATIC S7-1500 CPU 1516pro F-2 PNSIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PNSIMATIC S7-1500 CPU 1515TF-2 PNSIMATIC S7-1500 CPU 1518T-4 PN/DPSIPLUS S7-1500 CPU 1515F-2 PNSIPLUS S7-1500 CPU 1516-3 PN/DPSIPLUS ET 200SP CPU 1510SP F-1 PNSIPLUS S7-1500 CPU 1516-3 PN/DP TX RAILSIMATIC S7-1500 Software Controller CPU 1508S V4SIMATIC S7-1500 CPU 1517F-3 PN/DPSIMATIC S7-1500 CPU 1511F-1 PNSIMATIC S7-1500 Software Controller Linux V3SIMATIC S7-1500 CPU 1518F-3 PNSIMATIC ET 200SP Open Controller CPU 1515SP PC3 V4 CPUsSIMATIC S7-1500 CPU 1515F-2 PNSIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PNSIMATIC S7-1500 CPU 1516pro-2 PNSIMATIC S7-1500 CPU 1518-4 PN/DPSIMATIC S7-1500 CPU 1517T-3 PN/DPSIMATIC S7-1500 CPU 1516T-3 PN/DPSIMATIC ET 200SP CPU 1510SP F-1 PNSIPLUS S7-1500 CPU 1518-4 PN/DPSIPLUS ET 200SP CPU 1510SP-1 PNSIMATIC S7-1500 Software Controller Linux V2SIMATIC Drive Controller CPU 1507D TFSIMATIC S7-1500 CPU 1513pro-2 PNSIMATIC S7-1500 CPU 1516-3 PN/DPSIPLUS S7-1500 CPU 1518F-4 PN/DPSIMATIC S7-1500 CPU 1516T-3 PNSIMATIC S7-1500 CPU 1515-2 PNSIMATIC S7-1500 Software Controller CPU 1508S V2SIPLUS S7-1500 CPU 1516F-3 PN/DP RAILSIMATIC S7-1500 Software Controller CPU 1507S F V4SIPLUS S7-1500 CPU 1511-1 PN T1 RAILSIMATIC S7-1500 CPU 1511C-1 PNSIPLUS ET 200SP CPU 1512SP F-1 PN RAILSIMATIC S7-1500 CPU 1517TF-3 PNSIMATIC S7-1500 CPU 1513pro F-2 PNSIMATIC ET 200SP CPU 1512SP-1 PN
CWE ID-CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CVE-2025-27769
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-2.4||LOW
EPSS-0.14% / 3.85%
||
7 Day CHG~0.00%
Published-10 Mar, 2026 | 16:07
Updated-11 Mar, 2026 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station (All versions < F4.11.1), Heliox Mobile DC 40 kW EV Charging Station (All versions < L4.10.1). Affected devices contain improper access control that could allow an attacker to reach unauthorized services via the charging cable.

Action-Not Available
Vendor-Siemens AG
Product-Heliox Mobile DC 40 kW EV Charging StationHeliox Flex 180 kW EV Charging Station
CWE ID-CWE-923
Improper Restriction of Communication Channel to Intended Endpoints
CVE-2026-25656
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.5||HIGH
EPSS-0.24% / 14.81%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 09:58
Updated-14 Apr, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with SYSTEM privileges.(ZDI-CAN-28108)

Action-Not Available
Vendor-Siemens AG
Product-sinec_nmsuser_management_componentUser Management Component (UMC)SINEC NMS
CWE ID-CWE-427
Uncontrolled Search Path Element
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 36
  • 37
  • Next