Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Siemens

#cec7a2ec-15b4-4faf-bd53-b40f371f3a77
PolicyEmail

Short Name

siemens

Program Role

CNA

Root

Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)

Top Level Root

Cybersecurity and Infrastructure Security Agency (CISA)

Security Advisories

View Advisories

Domain

siemens.com

Country

Germany

Scope

Siemens issues only.
Reported CVEsVendorsProductsReports
37Vulnerabilities found
CVE-2026-25656
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.5||HIGH
EPSS-0.01% / 0.32%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 09:58
Updated-12 Feb, 2026 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC NMS (All versions), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with SYSTEM privileges.(ZDI-CAN-28108)

Action-Not Available
Vendor-Siemens AG
Product-sinec_nmsuser_management_componentSINEC NMSUser Management Component (UMC)
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2026-25655
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.5||HIGH
EPSS-0.01% / 0.32%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 09:58
Updated-12 Feb, 2026 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with administrative privilege.(ZDI-CAN-28107)

Action-Not Available
Vendor-Siemens AG
Product-sinec_nmsSINEC NMS
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2026-23720
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.01% / 0.24%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 09:58
Updated-11 Feb, 2026 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted NDB files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-simcenter_nastransimcenter_femapSimcenter NastranSimcenter Femap
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-23719
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.01% / 0.24%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 09:58
Updated-11 Feb, 2026 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted NDB files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-simcenter_nastransimcenter_femapSimcenter NastranSimcenter Femap
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-23718
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.01% / 0.24%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 09:58
Updated-11 Feb, 2026 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted NDB files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-simcenter_nastransimcenter_femapSimcenter NastranSimcenter Femap
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-23717
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.01% / 0.24%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 09:58
Updated-11 Feb, 2026 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-simcenter_nastransimcenter_femapSimcenter NastranSimcenter Femap
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-23716
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.01% / 0.24%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 09:58
Updated-11 Feb, 2026 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-simcenter_nastransimcenter_femapSimcenter NastranSimcenter Femap
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-23715
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.01% / 0.24%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 09:58
Updated-11 Feb, 2026 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds write vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-simcenter_nastransimcenter_femapSimcenter NastranSimcenter Femap
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-22923
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.01% / 0.27%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 09:58
Updated-10 Feb, 2026 | 19:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in NX (All versions < V2512). The affected application contains a data validation vulnerability that could allow an attacker with local access to interfere with internal data during the PDF export process that could potentially lead to arbitrary code execution.

Action-Not Available
Vendor-Siemens AG
Product-NX
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-40587
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 2.94%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 09:58
Updated-10 Feb, 2026 | 19:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Polarion V2404 (All versions < V2404.5), Polarion V2410 (All versions < V2410.2). The affected application allows arbitrary JavaScript code be included in document titles. This could allow an authenticated remote attacker to conduct a stored cross-site scripting attack by creating specially crafted document titles that are later viewed by other users of the application.

Action-Not Available
Vendor-Siemens AG
Product-Polarion V2410Polarion V2404
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-52334
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-6.3||MEDIUM
EPSS-0.01% / 1.24%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 09:58
Updated-10 Feb, 2026 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF07). The affected application does not encrypt the passwords properly. This could allow an attacker to recover the original passwords and might gain unauthorized access.

Action-Not Available
Vendor-Siemens AG
Product-syngo.plaza VB30E
CWE ID-CWE-261
Weak Encoding for Password
CVE-2025-40944
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.05% / 16.28%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 09:44
Updated-13 Jan, 2026 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) (All versions), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0) (All versions >= V4.2.0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0) (All versions), SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants) (All versions < V1.3), SIMATIC ET 200SP IM 155-6 PN R1 (6ES7155-6AU00-0HM0) (All versions < V6.0.1), SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0) (All versions >= V4.2.0), SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0) (All versions < V4.2.2), SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0) (All versions), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0) (All versions < V6.0.0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-2AC0) (All versions >= V4.2.0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-7AC0) (All versions >= V4.2.0), SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL (6AG2155-5AA00-1AC0) (All versions >= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-2CN0) (All versions >= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-7CN0) (All versions >= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU01-1CN0) (All versions >= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF TX RAIL (6AG2155-6AU01-4CN0) (All versions >= V4.2.0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0) (All versions < V6.0.0). Affected devices do not properly handle S7 protocol session disconnect requests. When receiving a valid S7 protocol Disconnect Request (COTP DR TPDU) on TCP port 102, the devices enter an improper session state. This could allow an attacker to cause the device to become unresponsive, leading to a denial-of-service condition that requires a power cycle to restore normal operation.

Action-Not Available
Vendor-Siemens AG
Product-SIPLUS NET PN/PN CouplerSIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)SIPLUS ET 200SP IM 155-6 PN HFSIMATIC ET 200SP IM 155-6 PN/3 HFSIMATIC ET 200AL IM 157-1 PNSIPLUS ET 200MP IM 155-5 PN HFSIMATIC PN/MF CouplerSIPLUS ET 200MP IM 155-5 PN HF T1 RAILSIPLUS ET 200SP IM 155-6 PN HF TX RAILSIMATIC ET 200SP IM 155-6 PN R1SIMATIC ET 200SP IM 155-6 PN/2 HFSIMATIC ET 200MP IM 155-5 PN HFSIMATIC PN/PN CouplerSIPLUS ET 200SP IM 155-6 PN HF T1 RAILSIMATIC ET 200SP IM 155-6 MF HF
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-40942
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.01% / 2.41%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 09:44
Updated-22 Jan, 2026 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.4). Affected application contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges.

Action-Not Available
Vendor-Siemens AG
Product-telecontrol_server_basicTeleControl Server Basic
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2025-40805
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-10||CRITICAL
EPSS-0.20% / 41.88%
||
7 Day CHG-0.00%
Published-13 Jan, 2026 | 09:44
Updated-13 Jan, 2026 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected devices do not properly enforce user authentication on specific API endpoints. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that the attacker has learned the identity of a legitimate user.

Action-Not Available
Vendor-Siemens AG
Product-Industrial Edge Device Kit - x86-64 V1.11Industrial Edge Device Kit - arm64 V1.10Industrial Edge Device Kit - arm64 V1.16SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm (not extendable, flange on top)Industrial Edge Device Kit - x86-64 V1.16Industrial Edge Virtual Device (IEVD)Industrial Edge Device Kit - x86-64 V1.8Industrial Edge Device Kit - arm64 V1.25SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm (not extendable, flange on top)Industrial Edge Device Kit - x86-64 V1.24Industrial Edge Device Kit - x86-64 V1.13Industrial Edge Device Kit - x86-64 V1.7SIMATIC HMI MTP1500 Comfort Pro for support arm (not extendable, flange on top)SIMATIC HMI MTP2200 Unified Comfort Panel neutral designSIMATIC HMI MTP1200 Comfort Pro neutral design for stand (expandable, flange at the bottom)Industrial Edge Own Device (IEOD)SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm (expandable, round tube) and extensioIndustrial Edge Device Kit - x86-64 V1.23Industrial Edge Device Kit - x86-64 V1.20Industrial Edge Device Kit - arm64 V1.14SIMATIC HMI MTP2200 Unified Comfort PanelIndustrial Edge Device Kit - arm64 V1.23SIMATIC HMI MTP1000 Unified Comfort Panel hygienicSIMATIC HMI MTP1200 Comfort Pro neutral design for support arm (not extendable, flange on top)Industrial Edge Device Kit - arm64 V1.17SIMATIC HMI MTP2200 Unified Comfort HygienicSIMATIC IPC227E Industrial Edge DeviceIndustrial Edge Device Kit - arm64 V1.5SIMATIC HMI MTP1900 Unified Comfort Panel hygienicSIMATIC HMI MTP1500 Unified Comfort Panel hygienicIndustrial Edge Device Kit - x86-64 V1.21SIMATIC Automation Workstation 24"SIPLUS HMI MTP1200 Unified ComfortIndustrial Edge Device Kit - x86-64 V1.9Industrial Edge Device Kit - arm64 V1.8SIMATIC IPC227G Industrial Edge DeviceSIMATIC HMI MTP1500 Unified Comfort PanelIndustrial Edge Device Kit - arm64 V1.19Industrial Edge Device Kit - x86-64 V1.14Industrial Edge Device Kit - x86-64 V1.10SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm (expandable, round tube) and extensioSIMATIC HMI MTP1000 Unified Comfort Panel hygienic neutral designSIMATIC HMI MTP1900 Comfort Pro for stand (expandable, flange at the bottom)SIMATIC HMI MTP1000 Unified Comfort PanelSIMATIC IOT2050Industrial Edge Device Kit - arm64 V1.24Industrial Edge Device Kit - x86-64 V1.22SIMATIC HMI MTP1500 Unified Comfort Panel neutral designSIMATIC IPC BX-39A Industrial Edge DeviceSIMATIC HMI MTP2200 Comfort Pro for support arm (not extendable, flange on top)SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm (expandable, round tube) and extensioSIMATIC HMI MTP1900 Comfort Pro for support arm (not extendable, flange on top)SIMATIC IPC847E Industrial Edge DeviceIndustrial Edge Device Kit - arm64 V1.15Industrial Edge Device Kit - arm64 V1.12Industrial Edge Device Kit - x86-64 V1.18SIMATIC HMI MTP1200 Unified Comfort Panel hygienic neutral designSIMATIC HMI MTP700 Unified Comfort Panel hygienic neutral designIndustrial Edge Device Kit - arm64 V1.9Industrial Edge Device Kit - x86-64 V1.17SIMATIC HMI MTP1200 Comfort Pro for support arm (not extendable, flange on top)Industrial Edge Device Kit - arm64 V1.11SIMATIC HMI MTP700, Unified Comfort Panel neutral designSIMATIC HMI MTP1000, Unified Comfort Panel neutralSIMATIC HMI MTP1200 Unified Comfort Panel neutral designSIMATIC HMI MTP2200 Unified Comfort Hygienic neutral designSIMATIC HMI MTP1900 Comfort Pro neutral design for support arm (expandable, round tube) and extensioSIMATIC HMI MTP1200 Comfort Pro for support arm (expandable, round tube) and extension unitSIMATIC HMI MTP1200 Unified Comfort Panel hygienicIndustrial Edge Device Kit - x86-64 V1.15Industrial Edge Device Kit - arm64 V1.6SIMATIC IPC BX-59A Industrial Edge DeviceSIMATIC HMI MTP1900 Unified Comfort Panel neutral designIndustrial Edge Device Kit - arm64 V1.18Industrial Edge Device Kit - x86-64 V1.19SIPLUS HMI MTP1000 Unified ComfortSIMATIC IPC427E Industrial Edge DeviceIndustrial Edge Device Kit - x86-64 V1.25SIMATIC HMI MTP1500 Unified Comfort Panel hygienic neutral designSCALANCE LPE9433Industrial Edge Device Kit - arm64 V1.22SIMATIC HMI MTP2200 Comfort Pro for support arm (expandable, round tube) and extension unitSIPLUS HMI MTP700 Unified ComfortSIMATIC HMI MTP1500 Comfort Pro for support arm (expandable, round tube) and extension unitSIMATIC IPC127E Industrial Edge DeviceSIMATIC HMI MTP1500 Comfort Pro neutral design for stand (expandable, flange at the bottom)SIMATIC HMI MTP1500 Comfort Pro for stand (expandable, flange at the bottom)Industrial Edge Device Kit - x86-64 V1.5SIMATIC HMI MTP1900 Comfort Pro for support arm (expandable, round tube) and extension unitSIMATIC HMI MTP1900 Unified Comfort Panel hygienic neutral designSIMATIC HMI MTP2200 Comfort Pro neutral design for stand (expandable, flange at the bottom)SIMATIC HMI MTP2200 Comfort Pro for stand (expandable, flange at the bottom)SIMATIC Automation Workstation 19"SIMATIC HMI MTP1900 Comfort Pro neutral design for stand (expandable, flange at the bottom)Industrial Edge Device Kit - arm64 V1.20SIMATIC HMI MTP700 Unified Comfort PanelSIMATIC HMI MTP1900 Comfort Pro neutral design for support arm (not extendable, flange on top)Industrial Edge Device Kit - x86-64 V1.12Industrial Edge Device Kit - arm64 V1.21Industrial Edge Cloud Device (IECD)Industrial Edge Device Kit - arm64 V1.13SIMATIC HMI MTP1900 Unified Comfort PanelIndustrial Edge Device Kit - arm64 V1.7SIMATIC HMI MTP1200 Unified Comfort PanelSCALANCE LPE9413SIMATIC HMI MTP1200 Comfort Pro for stand (expandable, flange at the bottom)Industrial Edge Device Kit - x86-64 V1.6
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2025-40829
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.02% / 3.78%
||
7 Day CHG~0.00%
Published-12 Dec, 2025 | 08:36
Updated-15 Dec, 2025 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Simcenter Femap (All versions < V2512). The affected applications contains an uninitialized memory vulnerability while parsing specially crafted SLDPRT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-27146)

Action-Not Available
Vendor-Siemens AG
Product-simcenter_femapSimcenter Femap
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2025-40941
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.81%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 10:44
Updated-10 Dec, 2025 | 21:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected devices exposes server information in its responses. This could allow an attacker with network access to gain useful information, increasing the likelihood of targeted attacks.

Action-Not Available
Vendor-Siemens AG
Product-simatic_cn_4100_firmwaresimatic_cn_4100SIMATIC CN 4100
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-40940
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 12.82%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 10:44
Updated-10 Dec, 2025 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected application exhibits inconsistent SNMP behavior, such as unexpected service availability and unreliable configuration handling across protocol versions. This could allow an attacker to access sensitive data, potentially leading to a breach of confidentiality.

Action-Not Available
Vendor-Siemens AG
Product-simatic_cn_4100_firmwaresimatic_cn_4100SIMATIC CN 4100
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-40939
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 6.53%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 10:44
Updated-16 Dec, 2025 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected device contains a USB port which allows unauthenticated connections. This could allow an attacker with physical access to the device to trigger reboot that could cause denial of service condition.

Action-Not Available
Vendor-Siemens AG
Product-simatic_cn_4100_firmwaresimatic_cn_4100SIMATIC CN 4100
CWE ID-CWE-284
Improper Access Control
CVE-2025-40938
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-9.2||CRITICAL
EPSS-0.06% / 19.45%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 10:44
Updated-10 Dec, 2025 | 21:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected device stores sensitive information in the firmware. This could allow an attacker to access and misuse this information, potentially impacting the device’s confidentiality, integrity, and availability.

Action-Not Available
Vendor-Siemens AG
Product-simatic_cn_4100_firmwaresimatic_cn_4100SIMATIC CN 4100
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2025-40937
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.10% / 26.69%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 10:44
Updated-10 Dec, 2025 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected application do not properly validate input parameters in its REST API, resulting in improper handling of unexpected arguments. This could allow an authenticated attacker to execute arbitrary code with limited privileges.

Action-Not Available
Vendor-Siemens AG
Product-simatic_cn_4100_firmwaresimatic_cn_4100SIMATIC CN 4100
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-40935
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 21.20%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 10:44
Updated-09 Dec, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.1), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.1), RUGGEDCOM RS416v2 V5.X (All versions < V5.10.1), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RSG2288 V5.X (All versions < V5.10.1), RUGGEDCOM RSG2300 V5.X (All versions < V5.10.1), RUGGEDCOM RSG2300P V5.X (All versions < V5.10.1), RUGGEDCOM RSG2488 V5.X (All versions < V5.10.1), RUGGEDCOM RSG907R (All versions < V5.10.1), RUGGEDCOM RSG908C (All versions < V5.10.1), RUGGEDCOM RSG909R (All versions < V5.10.1), RUGGEDCOM RSG910C (All versions < V5.10.1), RUGGEDCOM RSG920P V5.X (All versions < V5.10.1), RUGGEDCOM RSL910 (All versions < V5.10.1), RUGGEDCOM RST2228 (All versions < V5.10.1), RUGGEDCOM RST2228P (All versions < V5.10.1), RUGGEDCOM RST916C (All versions < V5.10.1), RUGGEDCOM RST916P (All versions < V5.10.1). Affected devices do not properly validate input during the TLS certificate upload process of the web service. This could allow an authenticated remote attacker to trigger a device crash and reboot, leading to a temporary Denial of Service on the device.

Action-Not Available
Vendor-Siemens AG
Product-RUGGEDCOM RS900 (32M) V5.XRUGGEDCOM RSG2288 V5.XRUGGEDCOM RSG2300P V5.XRUGGEDCOM RS416Pv2 V5.XRUGGEDCOM RS900G (32M) V5.XRUGGEDCOM RSG909RRUGGEDCOM RST916PRUGGEDCOM RSG2100 (32M) V5.XRUGGEDCOM RSL910RUGGEDCOM RSG910CRUGGEDCOM RST916CRUGGEDCOM RST2228PRUGGEDCOM RSG2488 V5.XRUGGEDCOM RSG2300 V5.XRUGGEDCOM RSG907RRUGGEDCOM RSG908CRUGGEDCOM RS416v2 V5.XRUGGEDCOM RMC8388 V5.XRUGGEDCOM RSG2100P (32M) V5.XRUGGEDCOM RST2228RUGGEDCOM RSG920P V5.X
CWE ID-CWE-20
Improper Input Validation
CVE-2025-40831
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-7.1||HIGH
EPSS-0.06% / 19.11%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 10:44
Updated-10 Dec, 2025 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC Security Monitor (All versions < V4.10.0). The affected application lacks input validation of date parameter in report generation functionality. This could allow an authenticated, lowly privileged attacker to cause denial of service condition of the report functionality.

Action-Not Available
Vendor-Siemens AG
Product-sinec_security_monitorSINEC Security Monitor
CWE ID-CWE-20
Improper Input Validation
CVE-2025-40830
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.4||HIGH
EPSS-0.02% / 2.97%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 10:44
Updated-10 Dec, 2025 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC Security Monitor (All versions < V4.10.0). The affected application does not have proper authorization checks for the file_transfer feature in ssmctl-client command. This could allow an authenticated, lowly privileged local attacker to read or write to any file on server or sensor.

Action-Not Available
Vendor-Siemens AG
Product-sinec_security_monitorSINEC Security Monitor
CWE ID-CWE-285
Improper Authorization
CVE-2025-40820
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.09% / 25.35%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 10:44
Updated-09 Dec, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The attack succeeds only if an attacker can inject IP packets with spoofed addresses at precisely timed moments, and it affects only TCP-based services.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC S7-300 CPU 315F-2 PN/DPSIMATIC S7-1500 CPU 1515F-2 PNSIPLUS S7-1200 CPU 1215 DC/DC/DCSIPLUS S7-1500 CPU 1516F-3 PN/DPSIPLUS S7-1200 CPU 1212C DC/DC/DCSIMATIC S7-200 SMART CPU SR30SIMATIC ET 200eco PN, DQ 8x24VDC/2A, M12-LSIMATIC PN/MF CouplerSIPLUS S7-1200 CPU 1215 DC/DC/RLYSIPLUS S7-1200 CPU 1212C AC/DC/RLYSIMATIC S7-200 SMART CPU ST20SIMATIC ET 200SP IM 155-6 PN/3 HFSIPLUS S7-300 CPU 315-2 PN/DPSIMATIC ET 200pro IM 154-8 PN/DP CPUSIMATIC ET 200SP CPU 1512SP-1 PNSIMATIC ET 200SP CPU 1510SP-1 PNSIMATIC S7-300 CPU 319-3 PN/DPSIPLUS S7-300 CPU 314C-2 PN/DPSIMATIC S7-300 CPU 317F-2 PN/DPSIMATIC ET 200clean, CM 8x IO-LinkSIMATIC S7-1500 CPU 1513F-1 PNSIMATIC S7-400 CPU 414F-3 PN/DP V7SIPLUS S7-1200 CPU 1215C DC/DC/DCSIMATIC PN/PN CouplerSIMATIC S7-1200 CPU 1217C DC/DC/DCSIPLUS NET PN/PN CouplerSIMATIC ET 200eco PN, DI 16x24VDC, M12-LSIDOOR ATE530S COATEDSIMATIC ET 200eco PN, AI 8xRTD/TC, M12-LSIMATIC S7-300 CPU 317T-3 PN/DPSIMATIC S7-1200 CPU 1211C DC/DC/DCSIMATIC ET 200eco PN, DI 8x24VDC, M12-LSINUMERIK 840D slSIPLUS ET 200SP IM 155-6 PN HF T1 RAILSIPLUS S7-1200 CPU 1215C AC/DC/RLYSIMATIC S7-1200 CPU 1212C DC/DC/RlySIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)SIMATIC CFU PASIPLUS S7-300 CPU 315F-2 PN/DPSIMATIC S7-1200 CPU 1212FC DC/DC/DCSIMATIC ET 200S IM 151-8F PN/DP CPUSIWAREX WP522 STSIMATIC TDC CP51M1SIMATIC Power Line Booster PLB, Modem Module STSIMATIC S7-200 SMART CPU CR60SIMATIC S7-1200 CPU 1214FC DC/DC/RlySIMATIC S7-410 V10 CPU family (incl. SIPLUS variants)SIMATIC S7-1200 CPU 1215C AC/DC/RlySIPLUS HCS4300 CIM4310SIMATIC S7-300 CPU 317-2 PN/DPSIMATIC S7-400 CPU 412-2 PN V7SIPLUS ET 200SP IM 155-6 PN HF TX RAILSIMATIC ET 200MP IM 155-5 PN HFSIWAREX WP521 STSIMATIC S7-200 SMART CPU SR60SIMATIC ET 200SP IM 155-6 MF HFSIPLUS S7-400 CPU 414-3 PN/DP V7SIMATIC ET 200AL IM 157-1 PNSIMATIC ET 200SP IM 155-6 PN HFSIPLUS S7-1200 CPU 1214 DC/DC/RLYSIMATIC S7-200 SMART CPU CR40SIPLUS S7-1200 CPU 1214FC DC/DC/DCSIMATIC ET 200SP IM 155-6 PN/2 HFSIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)SIPLUS ET 200S IM 151-8F PN/DP CPUSIMATIC S7-1500 CPU 1516F-3 PN/DPSIMATIC ET 200SP CPU 1512SP F-1 PNSIMATIC S7-1500 CPU 1511-1 PNSIPLUS S7-400 CPU 416-3 PN/DP V7SIMATIC S7-400 CPU 414-3 PN/DP V7SIMATIC S7-1200 CPU 1212C AC/DC/RlySIMATIC S7-300 CPU 315-2 PN/DPSIMATIC S7-400 CPU 416F-3 PN/DP V7SIMATIC S7-1200 CPU 1214C AC/DC/RlySIPLUS S7-1200 CPU 1215FC DC/DC/DCSIMATIC ET 200eco PN, DQ 8x24VDC/0,5A, M12-LSIMATIC ET 200eco PN, CM 8x IO-Link, M12-LSIMATIC TDC CPU555SIMOCODE pro V PROFINETSIWAREX WP231SIPLUS HCS4200 CIM4210SIPLUS S7-1200 CPU 1214 AC/DC/RLYSIPLUS S7-1500 CPU 1513-1 PNSIMATIC S7-1500 CPU 1515-2 PNSIMATIC ET 200clean, DI 16x24VDCSIMATIC S7-1200 CPU 1215C DC/DC/DCSIMATIC S7-300 CPU 319F-3 PN/DPSIMATIC Power Line Booster PLB, Base ModuleSIPLUS HCS4200 CIM4210CSIPLUS S7-300 CPU 317-2 PN/DPSIMATIC ET 200pro IM 154-8FX PN/DP CPUSIMATIC ET 200eco PN, CM 4x IO-Link, M12-LSIMATIC S7-400 CPU 416-3 PN/DP V7SIWAREX WP241SIPLUS S7-1200 CPU 1214FC DC/DC/RLYSIMATIC S7-1200 CPU 1214C DC/DC/DCSIPLUS ET 200SP IM 155-6 PN HFSIPLUS ET 200MP IM 155-5 PN HFSIWAREX WP251SIMATIC S7-1200 CPU 1212C DC/DC/DCSIDOOR ATD430WSIMOCODE pro V Ethernet/IP (incl. SIPLUS variants)SIMATIC S7-1500 CPU 1516-3 PN/DPSIMATIC S7-1200 CPU 1211C AC/DC/RlySIPLUS S7-1200 CPU 1214C DC/DC/RLYSIMATIC S7-1200 CPU 1212FC DC/DC/RlySIMATIC S7-200 SMART CPU SR20SIMATIC S7-1200 CPU 1214C DC/DC/RlySIMATIC CFU DIQSIMATIC ET 200clean, DIQ 16x24VDC/0,5ASIMATIC S7-1500 CPU 1513-1 PNSIMATIC S7-200 SMART CPU SR40SIPLUS ET 200S IM 151-8 PN/DP CPUSIMATIC S7-1200 CPU 1215FC DC/DC/DCSIMATIC S7-1200 CPU 1215FC DC/DC/RlySIMATIC S7-1500 CPU 1511F-1 PNSIPLUS S7-1200 CPU 1212 DC/DC/RLYSIPLUS S7-1200 CPU 1214C DC/DC/DC RAILSIPLUS S7-1500 CPU 1516-3 PN/DPSIPLUS ET 200SP CPU 1512SP F-1 PNSIPLUS S7-1500 CPU 1513F-1 PNSIPLUS ET 200MP IM 155-5 PN HF T1 RAILSIPLUS S7-1200 CPU 1214C AC/DC/RLYSIMATIC S7-300 CPU 314C-2 PN/DPSIPLUS S7-1200 CPU 1214C DC/DC/DCSIPLUS S7-300 CPU 317F-2 PN/DPSIMATIC S7-1200 CPU 1215C DC/DC/RlySIMATIC S7-1200 CPU 1214FC DC/DC/DCSIPLUS S7-1200 CPU 1215 AC/DC/RLYSIMATIC S7-200 SMART CPU ST30SIMATIC S7-200 SMART CPU ST60SIPLUS S7-1200 CPU 1212C DC/DC/DC RAILSIMATIC S7-1200 CPU 1211C DC/DC/RlySIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)SIMATIC ET 200SP CPU 1510SP F-1 PNSIPLUS S7-1200 CPU 1212 AC/DC/RLYSIMATIC S7-300 CPU 315T-3 PN/DPSIMATIC ET 200S IM 151-8 PN/DP CPUSIMATIC S7-200 SMART CPU ST40SIPLUS S7-1500 CPU 1511F-1 PNSIDOOR ATE530G COATEDSIMATIC ET 200pro IM 154-8F PN/DP CPUSIMATIC ET 200eco PN, DIQ 16x24VDC/2A, M12-LSIMATIC S7-300 CPU 317TF-3 PN/DPSIPLUS S7-1500 CPU 1511-1 PN
CWE ID-CWE-940
Improper Verification of Source of a Communication Channel
CVE-2025-40819
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 10.30%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 10:44
Updated-10 Dec, 2025 | 21:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications do not properly validate license restrictions against the database, allowing direct modification of the system_ticketinfo table to bypass license limitations without proper enforcement checks. This could allow with database access to circumvent licensing restrictions by directly modifying database values and potentially enabling unauthorized use beyond the permitted scope.

Action-Not Available
Vendor-Siemens AG
Product-sinema_remote_connect_serverSINEMA Remote Connect Server
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-40818
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-3.3||LOW
EPSS-0.01% / 1.04%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 10:44
Updated-10 Dec, 2025 | 21:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications contain private SSL/TLS keys on the server that are not properly protected allowing any user with server access to read these keys. This could allow an authenticated attacker to impersonate the server potentially enabling man-in-the-middle, traffic decryption or unauthorized access to services that trust these certificates.

Action-Not Available
Vendor-Siemens AG
Product-sinema_remote_connect_serverSINEMA Remote Connect Server
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2025-40807
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 13.09%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 10:44
Updated-02 Jan, 2026 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Gridscale X Prepay (All versions < V4.2.1). The affected application is vulnerable to capture-replay of authentication tokens. This could allow an authenticated but already locked-out user to establish still valid user sessions.

Action-Not Available
Vendor-Siemens AG
Product-gridscale_x_prepayGridscale X Prepay
CWE ID-CWE-294
Authentication Bypass by Capture-replay
CVE-2025-40806
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-6.9||MEDIUM
EPSS-0.05% / 14.94%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 10:44
Updated-02 Jan, 2026 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Gridscale X Prepay (All versions < V4.2.1). The affected application is vulnerable to user enumeration due to distinguishable responses. This could allow an unauthenticated remote attacker to determine if a user is valid or not, enabling a brute force attack with valid users.

Action-Not Available
Vendor-Siemens AG
Product-gridscale_x_prepayGridscale X Prepay
CWE ID-CWE-204
Observable Response Discrepancy
CVE-2025-40801
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-9.2||CRITICAL
EPSS-0.03% / 7.75%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 10:44
Updated-09 Dec, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in COMOS V10.6 (All versions), COMOS V10.6 (All versions), JT Bi-Directional Translator for STEP (All versions), NX V2412 (All versions < V2412.8900 with Cloud Entitlement (bundled as NX X)), NX V2506 (All versions < V2506.6000 with Cloud Entitlement (bundled as NX X)), Simcenter 3D (All versions < V2506.6000 with Cloud Entitlement (bundled as Simcenter X Mechanical)), Simcenter Femap (All versions < V2506.0002 with Cloud Entitlement (bundled as Simcenter X Mechanical)), Simcenter Studio (All versions), Simcenter System Architect (All versions), Tecnomatix Plant Simulation (All versions < V2504.0007). The SALT SDK is missing server certificate validation while establishing TLS connections to the authorization server. This could allow an attacker to perform a man-in-the-middle attack.

Action-Not Available
Vendor-Siemens AG
Product-COMOS V10.6Tecnomatix Plant SimulationNX V2412Simcenter 3DJT Bi-Directional Translator for STEPSimcenter System ArchitectNX V2506Simcenter StudioSimcenter Femap
CWE ID-CWE-295
Improper Certificate Validation
CVE-2025-40800
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-9.1||CRITICAL
EPSS-0.02% / 4.88%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 10:44
Updated-09 Dec, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in COMOS V10.6 (All versions), COMOS V10.6 (All versions), NX V2412 (All versions < V2412.8700), NX V2506 (All versions < V2506.6000), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Solid Edge SE2025 (All versions < V225.0 Update 10), Solid Edge SE2026 (All versions < V226.0 Update 1). The IAM client in affected products is missing server certificate validation while establishing TLS connections to the authorization server. This could allow an attacker to perform a man-in-the-middle attack.

Action-Not Available
Vendor-Siemens AG
Product-Solid Edge SE2026COMOS V10.6NX V2412Simcenter 3DSolid Edge SE2025NX V2506Simcenter Femap
CWE ID-CWE-295
Improper Certificate Validation
CVE-2024-56840
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.18%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 10:44
Updated-13 Jan, 2026 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). Under certain conditions, IPsec may allow code injection in the affected device. An attacker could leverage this scenario to execute arbitrary code as root user.

Action-Not Available
Vendor-Siemens AG
Product-ruggedcom_rox_ii_firmwareruggedcom_rox_iiRUGGEDCOM ROX RX1501RUGGEDCOM ROX RX5000RUGGEDCOM ROX RX1536RUGGEDCOM ROX MX5000RUGGEDCOM ROX RX1512RUGGEDCOM ROX RX1511RUGGEDCOM ROX RX1400RUGGEDCOM ROX RX1524RUGGEDCOM ROX RX1510RUGGEDCOM ROX RX1500RUGGEDCOM ROX MX5000RE
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-56839
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.6||HIGH
EPSS-0.11% / 29.18%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 10:44
Updated-13 Jan, 2026 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). Code injection can be achieved when the affected device is using VRF (Virtual Routing and Forwarding). An attacker could leverage this scenario to execute arbitrary code as root user.

Action-Not Available
Vendor-Siemens AG
Product-ruggedcom_rox_ii_firmwareruggedcom_rox_iiRUGGEDCOM ROX RX1501RUGGEDCOM ROX RX5000RUGGEDCOM ROX RX1536RUGGEDCOM ROX MX5000RUGGEDCOM ROX RX1512RUGGEDCOM ROX RX1511RUGGEDCOM ROX RX1400RUGGEDCOM ROX RX1524RUGGEDCOM ROX RX1510RUGGEDCOM ROX RX1500RUGGEDCOM ROX MX5000RE
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-56838
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.6||HIGH
EPSS-0.06% / 19.04%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 10:44
Updated-13 Jan, 2026 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). The SCEP client available in the affected device for secure certificate enrollment lacks validation of multiple fields. An attacker could leverage this scenario to execute arbitrary code as root user.

Action-Not Available
Vendor-Siemens AG
Product-ruggedcom_rox_ii_firmwareruggedcom_rox_iiRUGGEDCOM ROX RX1501RUGGEDCOM ROX RX5000RUGGEDCOM ROX RX1536RUGGEDCOM ROX MX5000RUGGEDCOM ROX RX1512RUGGEDCOM ROX RX1511RUGGEDCOM ROX RX1400RUGGEDCOM ROX RX1524RUGGEDCOM ROX RX1510RUGGEDCOM ROX RX1500RUGGEDCOM ROX MX5000RE
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-56837
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.6||HIGH
EPSS-0.07% / 20.08%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 10:44
Updated-13 Jan, 2026 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). Due to the insufficient validation during the installation and load of certain configuration files of the affected device, an attacker could spawn a reverse shell and gain root access on the affected system.

Action-Not Available
Vendor-Siemens AG
Product-ruggedcom_rox_ii_firmwareruggedcom_rox_iiRUGGEDCOM ROX RX1501RUGGEDCOM ROX RX5000RUGGEDCOM ROX RX1536RUGGEDCOM ROX MX5000RUGGEDCOM ROX RX1512RUGGEDCOM ROX RX1511RUGGEDCOM ROX RX1400RUGGEDCOM ROX RX1524RUGGEDCOM ROX RX1510RUGGEDCOM ROX RX1500RUGGEDCOM ROX MX5000RE
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-56836
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-7.7||HIGH
EPSS-0.06% / 19.60%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 10:44
Updated-13 Jan, 2026 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). During the Dynamic DNS configuration of the affected product it is possible to inject additional configuration parameters. Under certain circumstances, an attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system.

Action-Not Available
Vendor-Siemens AG
Product-ruggedcom_rox_ii_firmwareruggedcom_rox_iiRUGGEDCOM ROX RX1501RUGGEDCOM ROX RX5000RUGGEDCOM ROX RX1536RUGGEDCOM ROX MX5000RUGGEDCOM ROX RX1512RUGGEDCOM ROX RX1511RUGGEDCOM ROX RX1400RUGGEDCOM ROX RX1524RUGGEDCOM ROX RX1510RUGGEDCOM ROX RX1500RUGGEDCOM ROX MX5000RE
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-56835
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.06% / 19.60%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 10:44
Updated-13 Jan, 2026 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). The DHCP Server configuration file of the affected products is subject to code injection. An attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system.

Action-Not Available
Vendor-Siemens AG
Product-ruggedcom_rox_ii_firmwareruggedcom_rox_iiRUGGEDCOM ROX RX1501RUGGEDCOM ROX RX5000RUGGEDCOM ROX RX1536RUGGEDCOM ROX MX5000RUGGEDCOM ROX RX1512RUGGEDCOM ROX RX1511RUGGEDCOM ROX RX1400RUGGEDCOM ROX RX1524RUGGEDCOM ROX RX1510RUGGEDCOM ROX RX1500RUGGEDCOM ROX MX5000RE
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2025-40936
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.02% / 4.75%
||
7 Day CHG~0.00%
Published-17 Nov, 2025 | 11:39
Updated-10 Feb, 2026 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V29.0.258), Solid Edge (All versions < V226.00 Update 03). The affected applications contains an out of bounds read vulnerability while parsing specially crafted IGS files. This could allow an attacker to crash the application or execute code in the context of the current process. (ZDI-CAN-26755)

Action-Not Available
Vendor-Siemens AG
Product-Solid EdgePS/IGES Parasolid Translator Component
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-40834
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-6.8||MEDIUM
EPSS-0.04% / 13.29%
||
7 Day CHG~0.00%
Published-17 Nov, 2025 | 11:39
Updated-18 Nov, 2025 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Mendix RichText (All versions >= V4.0.0 < V4.6.1). Affected widget does not properly neutralize the input. This could allow an attacker to execute cross-site scripting attacks.

Action-Not Available
Vendor-Siemens AG
Product-Mendix RichText
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-40827
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.5||HIGH
EPSS-0.02% / 4.75%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 20:20
Updated-12 Nov, 2025 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Siemens Software Center (All versions < V3.5), Solid Edge SE2025 (All versions < V225.0 Update 10). The affected application is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code via placing a crafted DLL file on the system.

Action-Not Available
Vendor-Siemens AG
Product-Solid Edge SE2025Siemens Software Center
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-40817
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-7.1||HIGH
EPSS-0.04% / 10.86%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 20:20
Updated-12 Nov, 2025 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to change time of the device, which means the device could behave differently.

Action-Not Available
Vendor-Siemens AG
Product-LOGO! 24CESIPLUS LOGO! 12/24RCESIPLUS LOGO! 12/24RCEoSIPLUS LOGO! 230RCEoLOGO! 12/24RCEoLOGO! 24RCESIPLUS LOGO! 24RCEoSIPLUS LOGO! 24RCELOGO! 230RCEoSIPLUS LOGO! 24CEoLOGO! 12/24RCELOGO! 24RCEoLOGO! 24CEoLOGO! 230RCESIPLUS LOGO! 230RCESIPLUS LOGO! 24CE
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-40816
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-7.2||HIGH
EPSS-0.06% / 18.91%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 20:20
Updated-12 Nov, 2025 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to manipulate the devices IP address, which means the device would not be reachable.

Action-Not Available
Vendor-Siemens AG
Product-LOGO! 24CESIPLUS LOGO! 12/24RCESIPLUS LOGO! 12/24RCEoSIPLUS LOGO! 230RCEoLOGO! 12/24RCEoLOGO! 24RCESIPLUS LOGO! 24RCEoSIPLUS LOGO! 24RCELOGO! 230RCEoSIPLUS LOGO! 24CEoLOGO! 12/24RCELOGO! 24RCEoLOGO! 24CEoLOGO! 230RCESIPLUS LOGO! 230RCESIPLUS LOGO! 24CE
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-40815
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.6||HIGH
EPSS-0.06% / 18.22%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 20:20
Updated-12 Nov, 2025 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2) (All versions). Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code.

Action-Not Available
Vendor-Siemens AG
Product-LOGO! 24CESIPLUS LOGO! 12/24RCESIPLUS LOGO! 12/24RCEoSIPLUS LOGO! 230RCEoLOGO! 12/24RCEoLOGO! 24RCESIPLUS LOGO! 24RCEoSIPLUS LOGO! 24RCELOGO! 230RCEoSIPLUS LOGO! 24CEoLOGO! 12/24RCELOGO! 24RCEoLOGO! 24CEoLOGO! 230RCESIPLUS LOGO! 230RCESIPLUS LOGO! 24CE
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-40763
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.5||HIGH
EPSS-0.02% / 4.71%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 20:20
Updated-12 Nov, 2025 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affected products do not properly validate environment variables when loading shared libraries, allowing path hijacking through malicious library substitution. This could allow a local attacker to execute arbitrary code with superuser privileges by manipulating the environment variable and placing a malicious library in the controlled path.

Action-Not Available
Vendor-Siemens AG
Product-Altair Grid Engine
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-40760
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-6.8||MEDIUM
EPSS-0.02% / 4.93%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 20:20
Updated-12 Nov, 2025 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affected products do not properly handle error messages and discloses sensitive password hash information when processing user authentication requests. This could allow a local attacker to extract password hashes for privileged accounts, which can then be subjected to offline brute-force attacks.

Action-Not Available
Vendor-Siemens AG
Product-Altair Grid Engine
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2025-40744
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.02% / 6.07%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 20:20
Updated-12 Nov, 2025 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 11). Affected applications do not properly validate client certificates to connect to License Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks.

Action-Not Available
Vendor-Siemens AG
Product-Solid Edge SE2025
CWE ID-CWE-295
Improper Certificate Validation
CVE-2024-32014
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-5.6||MEDIUM
EPSS-0.02% / 3.64%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 20:20
Updated-12 Nov, 2025 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to alter the local database which contains the application credentials. This allows an attacker to gain administrative application privileges.

Action-Not Available
Vendor-Siemens AG
Product-Spectrum Power 4
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2024-32011
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.10% / 26.73%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 20:20
Updated-12 Nov, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to run arbitrary commands via the user interface. This user interface can be used via the network and allows the execution of commands as administrative application user.

Action-Not Available
Vendor-Siemens AG
Product-Spectrum Power 4
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2024-32010
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.5||HIGH
EPSS-0.02% / 3.81%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 20:20
Updated-12 Nov, 2025 | 21:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to extraction of database credentials via a world-readable credential file. This allows an attacker to connect to the database as privileged application user and to run system commands via the database.

Action-Not Available
Vendor-Siemens AG
Product-Spectrum Power 4
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2024-32009
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.45%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 20:20
Updated-12 Nov, 2025 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to a local privilege escalation due to wrongly set permissions to a binary which allows any local attacker to gain administrative privileges.

Action-Not Available
Vendor-Siemens AG
Product-Spectrum Power 4
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-32008
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.5||HIGH
EPSS-0.02% / 3.48%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 20:20
Updated-12 Nov, 2025 | 21:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to a local privilege escalation due to an exposed debug interface on the localhost. This allows any local user to gain code execution as administrative application user.

Action-Not Available
Vendor-Siemens AG
Product-Spectrum Power 4
CWE ID-CWE-648
Incorrect Use of Privileged APIs