Author: Admin @CloudCentric

GE Vernova Enervista UR Setup

Summary

Successful exploitation of these vulnerabilities may allow code execution with elevated privileges.

The following versions of GE Vernova Enervista UR Setup are affected:

  • Enervista UR Setup <8.70 (CVE-2026-1762, CVE-2026-1763)

CVSS: v3 7.8
Vendor: GE Vernova
Equipment: GE Vernova Enervista UR Setup
Vulnerabilities: Uncontrolled Search Path Element, Path Traversal: ‘.../...//’

Background

  • Critical Infrastructure Sectors: Critical Manufacturing, Energy, Water and Wastewater
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: United States

Vulnerabilities

CVE-2026-1762

The GE Vernova Enervista UR Setup Installer for versions prior to 8.70 is vulnerable to DLL hijacking. When the installer is run from a location containing unknown or untrusted DLLs, an attacker could obtain code execution with administrative privileges.

Affected Products

GE Vernova Enervista UR Setup
Vendor: GE Vernova
Product Version: GE Vernova Enervista UR Setup: <8.70
Product Status: known_affected

Remediations

Vendor fix
GE Vernova recommends that affected users use patched versions of Enervista UR Setup: versions 8.70 or later (https://www.gevernova.com/grid-solutions/resources?prod=urfamily&type=7).

Relevant CWE: CWE-427 Uncontrolled Search Path Element


Metrics

CVSS Version: 3.1
Base Score: 7.8
Base Severity: HIGH
Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2026-1763

GE Vernova Enervista UR Setup versions prior to 8.70 are vulnerable to directory traversal when opening certain firmware update files. This could allow an attacker to write to some files on the filesystem with the privileges of the logged-in user.

Affected Products

GE Vernova Enervista UR Setup
Vendor: GE Vernova
Product Version: GE Vernova Enervista UR Setup: <8.70
Product Status: known_affected

Remediations

Vendor fix
GE Vernova recommends that affected users use patched versions of Enervista UR Setup: versions 8.70 or later (https://www.gevernova.com/grid-solutions/resources?prod=urfamily&type=7).

Relevant CWE: CWE-35 Path Traversal: ‘.../...//’


Metrics

CVSS Version: 3.1
Base Score: 3.3
Base Severity: LOW
Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Acknowledgments

  • Reid Wightman of Dragos reported these vulnerabilities to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).


Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely.


Revision History

  • Initial Release Date: 2026-02-17
  • 2026-02-17, Revision 1: Initial Publication

Honeywell CCTV Products

Summary

Successful exploitation of this vulnerability could lead to account takeovers and unauthorized access to camera feeds; an unauthenticated attacker may change the recovery email address, potentially leading to further network compromise.

The following versions of Honeywell CCTV Products are affected:

  • I-HIB2PI-UL 2MP IP 6.1.22.1216 (CVE-2026-1670)
  • SMB NDAA MVO-3 WDR_2MP_32M_PTZ_v2.0 (CVE-2026-1670)
  • PTZ WDR 2MP 32M WDR_2MP_32M_PTZ_v2.0 (CVE-2026-1670)
  • 25M IPC WDR_2MP_32M_PTZ_v2.0 (CVE-2026-1670)

CVSS: v3 9.8
Vendor: Honeywell
Equipment: Honeywell CCTV Products
Vulnerabilities: Missing Authentication for Critical Function

Background

  • Critical Infrastructure Sectors: Commercial Facilities
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: United States

Vulnerabilities

CVE-2026-1670

The affected product is vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the “forgot password” recovery email address.

Affected Products

Honeywell CCTV Products
Vendor: Honeywell
Product Version: Honeywell I-HIB2PI-UL 2MP IP: 6.1.22.1216, Honeywell SMB NDAA MVO-3: WDR_2MP_32M_PTZ_v2.0, Honeywell PTZ WDR 2MP 32M: WDR_2MP_32M_PTZ_v2.0, Honeywell 25M IPC: WDR_2MP_32M_PTZ_v2.0
Product Status: known_affected

Remediations

Mitigation
Honeywell recommends users contact Honeywell at https://www.honeywell.com/us/en/contact/support for patch information.

Relevant CWE: CWE-306 Missing Authentication for Critical Function


Metrics

CVSS Version: 3.1
Base Score: 9.8
Base Severity: CRITICAL
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Acknowledgments

  • Souvik Kandar reported this vulnerability to CISA

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Do not click web links or open attachments in unsolicited email messages.

Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.


Revision History

  • Initial Release Date: 2026-02-17
  • 2026-02-17, Revision 1: Initial Publication

Siemens SINEC NMS

Summary

Multiple Siemens products are affected by two local privilege escalation vulnerabilities which could allow a low-privileged attacker to load malicious DLLs, potentially leading to arbitrary code execution with elevated privileges. Siemens has released new versions for the affected products and recommends updating to the latest versions.

The following versions of Siemens SINEC NMS are affected:

  • SINEC NMS: Versions prior to V4.0 SP2 (CVE-2026-25655)
  • SINEC NMS: All Versions (CVE-2026-25656)
  • User Management Component (UMC): Versions prior to V2.15.2.1 (CVE-2026-25656)

CVSS: v3 7.8
Vendor: Siemens
Equipment: Siemens SINEC NMS
Vulnerabilities: Uncontrolled Search Path Element

Background

  • Critical Infrastructure Sectors: Information Technology, Energy, Critical Manufacturing
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Germany

Vulnerabilities

CVE-2026-25655

The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with administrative privilege. (ZDI-CAN-28107)

Affected Products

Siemens SINEC NMS
Vendor: Siemens
Product Version: SINEC NMS
Product Status: known_affected

Remediations

Vendor fix
Update to V4.0 SP2 or later version

Relevant CWE: CWE-427 Uncontrolled Search Path Element


Metrics

CVSS Version: 3.1
Base Score: 7.8
Base Severity: HIGH
Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2026-25656

The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with SYSTEM privileges. (ZDI-CAN-28108)

Affected Products

Siemens SINEC NMS
Vendor: Siemens
Product Version: SINEC NMS, User Management Component (UMC)
Product Status: known_affected

Remediations

Vendor fix
Update to V2.15.2.1 or later version

Vendor fix
Update UMC to V2.15.2.1 or later compatible version https://support.industry.siemens.com/cs/document/109996127/

Relevant CWE: CWE-427 Uncontrolled Search Path Element


Metrics

CVSS Version: 3.1
Base Score: 7.8
Base Severity: HIGH
Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Acknowledgments

  • Siemens ProductCERT reported these vulnerabilities to CISA.
  • Trend Micro Zero Day Initiative reported these vulnerabilities to Siemens.

General Recommendations

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security) and following the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity


Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories


Terms of Use

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.


Recommended Practices

CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.


Advisory Conversion Disclaimer

This ICSA is a verbatim republication of Siemens ProductCERT SSA-311973 from a direct conversion of the vendor’s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA’s website as a means of increasing visibility and is provided “as-is” for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.

Revision History

  • Initial Release Date: 2026-02-10
  • 2026-02-10, Revision 1: Publication Date
  • 2026-02-12, Revision 2: Initial CISA Republication of Siemens ProductCERT SSA-311973 advisory

Siemens Polarion

Summary

Polarion before V2506 contains a vulnerability that could allow authenticated remote attackers to conduct cross-site scripting attacks. Siemens has released new versions for the affected products and recommends updating to the latest versions.

The following versions of Siemens Polarion are affected:

  • Polarion V2404: Versions prior to V2404.5 (CVE-2025-40587)
  • Polarion V2410: Versions prior to V2410.2 (CVE-2025-40587)

CVSS: v3 7.6
Vendor: Siemens
Equipment: Siemens Polarion
Vulnerabilities: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

Background

  • Critical Infrastructure Sectors: Energy, Critical Manufacturing
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Germany

Vulnerabilities

CVE-2025-40587

The affected application allows arbitrary JavaScript code to be included in document titles. This could allow an authenticated remote attacker to conduct a stored cross-site scripting attack by creating specially crafted document titles that are later viewed by other users of the application.

Affected Products

Siemens Polarion
Vendor: Siemens
Product Version: Polarion V2404, Polarion V2410
Product Status: known_affected

Remediations

Vendor fix
Update to V2404.5 or later version

Vendor fix
Update to V2410.2 or later version

Relevant CWE: CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)


Metrics

CVSS Version: 3.1
Base Score: 7.6
Base Severity: HIGH
Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

Acknowledgments

  • Siemens ProductCERT reported this vulnerability to CISA.
  • Thales Digital Factory reported these vulnerabilities to Siemens.

General Recommendations

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security) and following the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity


Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories


Recommended Practices

CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.


Advisory Conversion Disclaimer

This ICSA is a verbatim republication of Siemens ProductCERT SSA-035571 from a direct conversion of the vendor’s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA’s website as a means of increasing visibility and is provided “as-is” for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.

Revision History

  • Initial Release Date: 2026-02-10
  • 2026-02-10, Revision 1: Publication Date
  • 2026-02-12, Revision 2: Initial CISA Republication of Siemens ProductCERT SSA-035571 advisory

Siemens COMOS

Summary

COMOS is affected by multiple vulnerabilities that could allow an attacker to execute arbitrary code, cause a denial-of-service condition or data infiltration, or perform access control violations. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet, available.

The following versions of Siemens COMOS are affected:

  • COMOS V10.4: Versions prior to V10.4.5 (CVE-2024-47875, CVE-2025-2783)
  • COMOS V10.4.5: Versions prior to V10.4.5.0.2 (CVE-2024-11053, CVE-2025-10148)
  • COMOS V10.5: Versions prior to V10.5.2 (CVE-2025-2783, CVE-2024-47875)
  • COMOS V10.6: All versions (CVE-2024-11053, CVE-2025-10148, CVE-2025-40800, CVE-2025-40801)

CVSS: v3 10
Vendor: Siemens
Equipment: Siemens COMOS
Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’), Improper Input Validation, Generation of Predictable Numbers or Identifiers, Improper Certificate Validation

Background

  • Critical Infrastructure Sectors: Critical Manufacturing
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Germany

Vulnerabilities

CVE-2024-11053

When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.

Affected Products

Siemens COMOS
Vendor: Siemens
Product Version: COMOS V10.4.5, COMOS V10.6
Product Status: known_affected

Remediations

None available
Currently no fix is available

Vendor fix
Contact customer support to receive patch and update information

Relevant CWE: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor


Metrics

CVSS Version: 3.1
Base Score: 3.7
Base Severity: LOW
Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVE-2024-47875

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.

Affected Products

Siemens COMOS
Vendor: Siemens
Product Version: COMOS V10.4, COMOS V10.5
Product Status: known_affected

Remediations

Vendor fix
Update to V10.4.5 or later version

Vendor fix
Update to V10.5.2 or later version

Relevant CWE: CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)


Metrics

CVSS Version: 3.1
Base Score: 10
Base Severity: CRITICAL
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

CVE-2025-2783

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file.

Affected Products

Siemens COMOS
Vendor: Siemens
Product Version: COMOS V10.4, COMOS V10.5
Product Status: known_affected

Remediations

Vendor fix
Update to V10.4.5 or later version

Vendor fix
Update to V10.5.2 or later version

Relevant CWE: CWE-20 Improper Input Validation


Metrics

CVSS Version: 3.1
Base Score: 8.3
Base Severity: HIGH
Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CVE-2025-10148

curl’s websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.
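The per-frame masking requirement described above, as an added example (not code from curl, Siemens or this advisory). It draws a new 32-bit key inside every send call and includes an audit helper that flags key reuse between two captured client frames. The function names are hypothetical, the key source is assumed to be /dev/urandom, and only payloads up to 125 bytes (the 7-bit length form) are handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WS_OP_TEXT   0x1
#define WS_SMALL_MAX 125   /* largest payload that fits the 7-bit length form */

/* Fill key[4] from the OS random source. Returns 0 on success, -1 on failure. */
int ws_fresh_mask(uint8_t key[4])
{
    FILE *f = fopen("/dev/urandom", "rb");
    size_t got;

    if (!f)
        return -1;
    got = fread(key, 1, 4, f);
    fclose(f);
    return got == 4 ? 0 : -1;
}

/* Serialise one masked client frame (FIN set) with the supplied key.
 * Returns the frame length, or -1 if the payload or buffer does not fit. */
int ws_build_frame(uint8_t *out, size_t outlen, uint8_t opcode,
                   const uint8_t *payload, size_t len, const uint8_t key[4])
{
    size_t i;

    if (len > WS_SMALL_MAX || outlen < 6 + len)
        return -1;
    out[0] = (uint8_t)(0x80 | (opcode & 0x0F));  /* FIN + opcode */
    out[1] = (uint8_t)(0x80 | len);              /* MASK bit + payload length */
    memcpy(out + 2, key, 4);                     /* masking key travels in the frame */
    for (i = 0; i < len; i++)
        out[6 + i] = payload[i] ^ key[i % 4];
    return (int)(6 + len);
}

/* Send path: the key is a local drawn per call, so no mask state
 * persists on the connection between frames. */
int ws_frame_text(uint8_t *out, size_t outlen, const char *text)
{
    uint8_t key[4];

    if (ws_fresh_mask(key) != 0)
        return -1;   /* fail closed rather than fall back to a fixed mask */
    return ws_build_frame(out, outlen, WS_OP_TEXT,
                          (const uint8_t *)text, strlen(text), key);
}

/* Audit helper for two captured short masked client frames:
 * returns 1 when both carry the same masking key. */
int ws_mask_reused(const uint8_t *frame_a, const uint8_t *frame_b)
{
    return memcmp(frame_a + 2, frame_b + 2, 4) == 0;
}

int main(void)
{
    uint8_t a[32], b[32];

    /* Constructed sample messages. */
    if (ws_frame_text(a, sizeof a, "ping") < 0 ||
        ws_frame_text(b, sizeof b, "ping") < 0)
        return 1;
    printf("mask reused across frames: %d\n", ws_mask_reused(a, b));
    return 0;
}
```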

Affected Products

Siemens COMOS
Vendor: Siemens
Product Version: COMOS V10.4.5, COMOS V10.6
Product Status: known_affected

Remediations

None available
Currently no fix is available

Vendor fix
Contact customer support to receive patch and update information

Relevant CWE: CWE-340 Generation of Predictable Numbers or Identifiers


Metrics

CVSS Version: 3.1
Base Score: 5.3
Base Severity: MEDIUM
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVE-2025-40800

The IAM client in affected products is missing server certificate validation while establishing TLS connections to the authorization server. This could allow an attacker to perform a man-in-the-middle attack.

Affected Products

Siemens COMOS
Vendor: Siemens
Product Version: COMOS V10.6
Product Status: known_affected

Remediations

None available
Currently no fix is available

Relevant CWE: CWE-295 Improper Certificate Validation


Metrics

CVSS Version: 3.1
Base Score: 7.4
Base Severity: HIGH
Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CVE-2025-40801

The SALT SDK is missing server certificate validation while establishing TLS connections to the authorization server. This could allow an attacker to perform a man-in-the-middle attack.

Affected Products

Siemens COMOS
Vendor: Siemens
Product Version: COMOS V10.6
Product Status: known_affected

Remediations

None available
Currently no fix is available

Relevant CWE: CWE-295 Improper Certificate Validation


Metrics

CVSS Version: 3.1
Base Score: 8.1
Base Severity: HIGH
Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Acknowledgments

  • Siemens ProductCERT reported these vulnerabilities to CISA.

General Recommendations

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security) and following the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity


Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories


Recommended Practices

CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.


Advisory Conversion Disclaimer

This ICSA is a verbatim republication of Siemens ProductCERT SSA-212953 from a direct conversion of the vendor’s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA’s website as a means of increasing visibility and is provided “as-is” for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.

Revision History

  • Initial Release Date: 2025-12-09
  • 2025-12-09, Revision 1: Publication Date
  • 2026-01-13, Revision 2: Removed CVE-2024-11053 and CVE-2025-10148 from COMOS V10.5.2 as this version line is not affected
  • 2026-02-10, Revision 3: Added fix for COMOS V10.4.5
  • 2026-02-12, Revision 4: Initial CISA Republication of Siemens ProductCERT SSA-212953 advisory

Siemens Desigo CC Product Family and SENTRON Powermanager

Summary

Versions V6.0 through V8 QU1 of the Desigo CC product family (Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS), as well as the Desigo CC-based SENTRON Powermanager, are affected by a vulnerability in the underlying third-party component WIBU Systems CodeMeter Runtime. Successful exploitation of this vulnerability could lead to code execution in the context of the current process. Siemens has released instructions on how to update the CodeMeter Runtime component and recommends applying the update on affected systems.

The following versions of Siemens Desigo CC Product Family and SENTRON Powermanager are affected:

  • Desigo CC family V6: All versions (CVE-2023-38545)
  • Desigo CC family V7: All versions (CVE-2023-38545)
  • Desigo CC family V8: All versions prior to V8.0 QU2
  • SENTRON Powermanager V6: All versions (CVE-2023-38545)
  • SENTRON Powermanager V7: All versions (CVE-2023-38545)
  • SENTRON Powermanager V8: All versions prior to V8.0 QU2

CVSS: v3 8.8
Vendor: Siemens
Equipment: Siemens Desigo CC Product Family and SENTRON Powermanager
Vulnerabilities: Heap-based Buffer Overflow

Background

  • Critical Infrastructure Sectors: Critical Manufacturing
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Germany

Vulnerabilities

CVE-2023-38545

This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the hostname to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that hostname can be is 255 bytes. If the hostname is detected to be longer than 255 bytes, curl switches to local name resolving and instead passes on the resolved address only to the proxy. Due to a bug, the local variable that means “let the host resolve the name” could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long hostname to the target buffer instead of copying just the resolved address there.
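The hostname-length handling described above, as an added example (not curl's code and not part of this advisory). It shows the defensive pattern for this bug class: the resolver choice is made once, and the function that copies the hostname into the request re-checks the 255-byte limit itself, so a stale or wrong mode flag cannot cause an oversized copy. All function and type names are hypothetical; the address and hostnames are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SOCKS5_MAX_HOSTNAME 255   /* the length field in the request is one byte */
#define SOCKS5_REQ_MAX      (4 + 1 + SOCKS5_MAX_HOSTNAME + 2)

enum socks5_resolve { RESOLVE_REMOTE, RESOLVE_LOCAL };

/* Decide who resolves the name. Remote resolution is only possible when
 * the hostname fits the one-byte length field. */
enum socks5_resolve socks5_pick_resolver(const char *hostname, int want_remote)
{
    if (!want_remote)
        return RESOLVE_LOCAL;
    return strlen(hostname) <= SOCKS5_MAX_HOSTNAME ? RESOLVE_REMOTE
                                                   : RESOLVE_LOCAL;
}

/* Build a SOCKS5 CONNECT request into out[].
 * Returns the number of bytes written, or -1 on any violation.
 * The length check lives here, at the copy site, and does not trust
 * that the caller's mode was computed correctly. */
int socks5_build_connect(uint8_t *out, size_t outlen,
                         enum socks5_resolve mode, const char *hostname,
                         const uint8_t ipv4[4], uint16_t port)
{
    size_t hlen = 0, need, n = 0;

    if (mode == RESOLVE_REMOTE) {
        if (!hostname)
            return -1;
        hlen = strlen(hostname);
        if (hlen == 0 || hlen > SOCKS5_MAX_HOSTNAME)
            return -1;                 /* never copy an over-long name */
        need = 4 + 1 + hlen + 2;
    } else {
        if (!ipv4)
            return -1;
        need = 4 + 4 + 2;
    }
    if (need > outlen)
        return -1;                     /* destination too small */

    out[n++] = 0x05;                   /* VER */
    out[n++] = 0x01;                   /* CMD = CONNECT */
    out[n++] = 0x00;                   /* RSV */
    if (mode == RESOLVE_REMOTE) {
        out[n++] = 0x03;               /* ATYP = domain name */
        out[n++] = (uint8_t)hlen;
        memcpy(out + n, hostname, hlen);
        n += hlen;
    } else {
        out[n++] = 0x01;               /* ATYP = IPv4, resolved locally */
        memcpy(out + n, ipv4, 4);
        n += 4;
    }
    out[n++] = (uint8_t)(port >> 8);   /* port, network byte order */
    out[n++] = (uint8_t)(port & 0xFF);
    return (int)n;
}

int main(void)
{
    char longname[301];
    uint8_t req[SOCKS5_REQ_MAX];
    const uint8_t ip[4] = {192, 0, 2, 10};   /* constructed documentation address */

    memset(longname, 'a', 300);              /* constructed 300-byte hostname */
    longname[300] = '\0';

    /* A wrong mode flag with an over-long name is rejected, not copied. */
    printf("stale remote flag: %d\n",
           socks5_build_connect(req, sizeof req, RESOLVE_REMOTE, longname, ip, 443));
    printf("correct fallback:  %d bytes\n",
           socks5_build_connect(req, sizeof req,
                                socks5_pick_resolver(longname, 1), longname, ip, 443));
    return 0;
}
```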


Affected Products

Siemens Desigo CC Product Family and SENTRON Powermanager
Vendor:
Siemens
Product Version:
Desigo CC family V6, Desigo CC family V7, Desigo CC family V8, SENTRON Powermanager V6, SENTRON Powermanager V7, SENTRON Powermanager V8
Product Status:
known_affected
Remediations

Vendor fix
Update to V8.0 QU2 or later version

Vendor fix
Apply patch as documented in section ‘Additional Information’

Relevant CWE: CWE-122 Heap-based Buffer Overflow


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Acknowledgments

  • Siemens ProductCERT reported this vulnerability to CISA.

General Recommendations

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security) and following the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity


Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories


Terms of Use

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.


Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).


Recommended Practices

CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.


Advisory Conversion Disclaimer

This ICSA is a verbatim republication of Siemens ProductCERT SSA-507364 from a direct conversion of the vendor’s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA’s website as a means of increasing visibility and is provided “as-is” for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.

Revision History

  • Initial Release Date: 2026-02-10

Date | Revision | Summary
2026-02-10 | 1 | Publication Date
2026-02-12 | 2 | Initial CISA Republication of Siemens ProductCERT SSA-507364 advisory

Siemens Solid Edge

Summary

Solid Edge uses the PS/IGES Parasolid Translator Component, which contains an out-of-bounds read that could be triggered when the application reads files in the IGS file format. If a user is tricked into opening a malicious file with any of the affected products, the application could crash or this could potentially lead to arbitrary code execution. Siemens has released a new version of Solid Edge and recommends updating to the latest version.

The following versions of Siemens Solid Edge are affected:

  • Solid Edge: All versions prior to V226.00 Update 03

CVSS | Vendor | Equipment | Vulnerabilities
v3 7.8 | Siemens | Siemens Solid Edge | Out-of-bounds Read

Background

  • Critical Infrastructure Sectors: Critical Manufacturing
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Germany

Vulnerabilities

CVE-2025-40936

The affected applications contain an out-of-bounds read vulnerability while parsing specially crafted IGS files. This could allow an attacker to crash the application or execute code in the context of the current process. (ZDI-CAN-26755)


Affected Products

Siemens Solid Edge
Vendor:
Siemens
Product Version:
Solid Edge
Product Status:
known_affected
Remediations

Vendor fix
Update to V226.00 Update 03 or later version

Relevant CWE: CWE-125 Out-of-bounds Read


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Acknowledgments

  • Siemens ProductCERT reported this vulnerability to CISA.
  • Trend Micro Zero Day Initiative reported this vulnerability to Siemens.


Advisory Conversion Disclaimer

This ICSA is a verbatim republication of Siemens ProductCERT SSA-445819 from a direct conversion of the vendor’s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA’s website as a means of increasing visibility and is provided “as-is” for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.

Revision History

  • Initial Release Date: 2026-02-10

Date | Revision | Summary
2026-02-10 | 1 | Publication Date
2026-02-12 | 2 | Initial CISA Republication of Siemens ProductCERT SSA-445819 advisory

Siemens SINEC OS

Summary

SINEC OS before V3.3 contains third-party components with multiple vulnerabilities. Siemens has released new versions for the affected products and recommends updating to the latest versions.

The following versions of Siemens SINEC OS are affected:

  • RUGGEDCOM RST2428P (6GK6242-6PA00): All versions prior to V3.3
  • SCALANCE XCH328 (6GK5328-4TS01-2EC2): All versions prior to V3.3
  • SCALANCE XCM324 (6GK5324-8TS01-2AC2): All versions prior to V3.3
  • SCALANCE XCM328 (6GK5328-4TS01-2AC2): All versions prior to V3.3
  • SCALANCE XCM332 (6GK5332-0GA01-2AC2): All versions prior to V3.3
  • SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3): All versions prior to V3.3
  • SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3): All versions prior to V3.3
  • SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3): All versions prior to V3.3
  • SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3): All versions prior to V3.3
  • SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3): All versions prior to V3.3
  • SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3): All versions prior to V3.3
  • SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3): All versions prior to V3.3
  • SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3): All versions prior to V3.3
  • SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3): All versions prior to V3.3
  • SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3): All versions prior to V3.3

Each product listed above is affected by the following CVEs: CVE-2022-48174, CVE-2023-7256, CVE-2023-39810, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8006, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2024-12718, CVE-2024-41996, CVE-2024-47619, CVE-2024-52533, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-1390, CVE-2025-3360, CVE-2025-4138, CVE-2025-4330, CVE-2025-4373, CVE-2025-4435, CVE-2025-4516, CVE-2025-4517, CVE-2025-6141, CVE-2025-9086, CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-10148, CVE-2025-27587, CVE-2025-32433, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38345, CVE-2025-38350, CVE-2025-38498, CVE-2025-39839, CVE-2025-39841, CVE-2025-39846, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-59375

CVSS | Vendor | Equipment | Vulnerabilities
v3 10 | Siemens | Siemens SINEC OS | Out-of-bounds Write, Double Free, Improper Input Validation, Use After Free, Improper Restriction of Operations within the Bounds of a Memory Buffer, Free of Memory not on the Heap, Buffer Over-read, Out-of-bounds Read, NULL Pointer Dereference, Improper Certificate Validation, Incorrect Comparison, Exposure of Sensitive Information to an Unauthorized Actor, Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’), Multiple Releases of Same Resource or Handle, Integer Overflow to Buffer Overflow, Improper Access Control, Integer Overflow or Wraparound, Buffer Underwrite (‘Buffer Underflow’), Incorrect Calculation, Stack-based Buffer Overflow, Covert Timing Channel, Generation of Predictable Numbers or Identifiers, Missing Authentication for Critical Function, Allocation of Resources Without Limits or Throttling

Background

  • Critical Infrastructure Sectors: Energy, Critical Manufacturing, Transportation Systems, Water and Wastewater
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Germany

Vulnerabilities

CVE-2022-48174

There is a stack overflow vulnerability in ash.c:6030 in BusyBox versions prior to 1.35. In the environment of internet of vehicles, this vulnerability can be exploited via crafted commands, potentially leading to arbitrary code execution.


Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-787 Out-of-bounds Write


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2023-7256

In affected libpcap versions, during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller whether freeaddrinfo() needs to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400.
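
The ownership ambiguity described above, modelled in C as an added illustration (not libpcap's code and not part of the advisory). `lookup()` and `release()` stand in for getaddrinfo() and freeaddrinfo(), the multicast rejection is an assumed validation step, and all names and addresses are constructed; releases are counted instead of freed so the double release is visible without corrupting the heap.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the list getaddrinfo() returns. Releases are counted per
 * object instead of calling free(), so a double release can be observed. */
struct addr_list { bool multicast; int releases; };
static struct addr_list pool[4];
static size_t pool_next;

static struct addr_list *lookup(const char *host)     /* models getaddrinfo() */
{
    if (host == NULL || *host == '\0' || pool_next == 4)
        return NULL;
    struct addr_list *list = &pool[pool_next++];
    list->multicast = strncmp(host, "224.", 4) == 0;  /* constructed rule */
    return list;
}

static void release(struct addr_list *list)           /* models freeaddrinfo() */
{
    list->releases++;
}

/* Flawed contract: -1 means "failed", but the list behind *out has been
 * released on one failure path and not on the other. */
static int init_address_flawed(const char *host, struct addr_list **out)
{
    *out = lookup(host);
    if (*out == NULL)
        return -1;                /* nothing was allocated */
    if ((*out)->multicast) {
        release(*out);            /* released here, stale pointer stays in *out */
        return -1;
    }
    return 0;
}

static void caller_flawed(const char *host)
{
    struct addr_list *list = NULL;

    if (init_address_flawed(host, &list) == 0) {
        /* ... the address list would be used here ... */
    }
    if (list != NULL)
        release(list);            /* second release on the multicast path */
}

/* Hardened contract: a non-NULL return is owned by the caller; on every
 * failure the function has already cleaned up and returns NULL. */
static struct addr_list *init_address(const char *host)
{
    struct addr_list *list = lookup(host);

    if (list != NULL && list->multicast) {
        release(list);
        return NULL;
    }
    return list;
}

static void caller_hardened(const char *host)
{
    struct addr_list *list = init_address(host);

    if (list == NULL)
        return;                   /* nothing to release, by contract */
    /* ... the address list would be used here ... */
    release(list);
}

/* Run one caller on a fresh pool and report how many times the single
 * result was released: 1 is correct, 2 is a double free. */
static int releases_after(bool hardened, const char *host)
{
    memset(pool, 0, sizeof pool);
    pool_next = 0;
    if (hardened)
        caller_hardened(host);
    else
        caller_flawed(host);
    return pool[0].releases;
}

int main(void)
{
    printf("flawed,   unicast:   %d\n", releases_after(false, "192.0.2.10"));
    printf("flawed,   multicast: %d\n", releases_after(false, "224.0.0.1"));
    printf("hardened, multicast: %d\n", releases_after(true, "224.0.0.1"));
    return 0;
}
```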


Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-415 Double Free


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2023-39810

An issue in the CPIO command of Busybox v1.33.2 may allow an attacker to perform a directory traversal attack.


Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-20 Improper Input Validation


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L

CVE-2023-42363

A use-after-free vulnerability was discovered in the xasprintf function located in xfuncs_printf.c:344 in BusyBox v.1.36.1.


Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-416 Use After Free


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2023-42364

A use-after-free vulnerability in BusyBox v.1.36.1 may lead to denial of service through a crafted awk pattern processed by the evaluate function in awk.c.


Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-416 Use After Free


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2023-42365

A use-after-free vulnerability was identified in BusyBox v.1.36.1 through a crafted awk pattern processed by the copyvar function in awk.c.


Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-416 Use After Free


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2023-42366

A heap buffer overflow was discovered in BusyBox version 1.36.1 in the next_token function at awk.c:1159.

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2024-6197

libcurl’s ASN1 parser includes the utf8asn1str() function, which is used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return an error. Unfortunately, when doing so it also invokes free() on a 4-byte local stack buffer. Most modern malloc implementations detect this error and immediately abort. Some, however, accept the input pointer and add that memory to their list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the free() implementation; it is likely to be memory pointers and a set of flags. The most likely outcome of exploiting this flaw is a crash, although it cannot be ruled out that more serious results may occur under special circumstances.

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-590 Free of Memory not on the Heap


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2024-6874

libcurl’s URL API function curl_url_get() offers punycode conversions to and from IDN. When converting a name that is exactly 256 bytes, libcurl may read outside of a stack-based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exactly – but does not null-terminate the string. This flaw can lead to stack contents accidentally getting returned as part of the converted string.

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-126 Buffer Over-read


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

CVE-2024-7264

libcurl’s ASN.1 parser code includes the GTime2str() function, which is used for parsing an ASN.1 generalized time field. If given a syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen() being performed on a pointer to a heap buffer area that is intentionally not null-terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when CURLINFO_CERTINFO is used.

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-125 Out-of-bounds Read


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CVE-2024-8006

Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that becomes available is pcap_findalldevs_ex(). One of the function arguments can accept a filesystem path, which typically refers to a directory containing input data files. When the specified path cannot be used as a directory, the function receives NULL from opendir(). It does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer dereference.

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-476 NULL Pointer Dereference


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2024-8096

When curl is configured to use the certificate status request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and may incorrectly consider the response valid. If the returned status reports an error other than ‘revoked’ (such as ‘unauthorized’) it is not treated as a bad certificate.

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-295 Improper Certificate Validation


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVE-2024-9681

When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain’s cache entry, causing it to expire earlier or later than intended. This affects curl-using applications that enable HSTS and use URLs with the insecure http:// scheme and perform transfers with hosts like x.example.com as well as example.com where the first host is a subdomain of the second host. (The HSTS cache must either have been populated manually or through previous HTTPS requests, as entries for the domains involved are required to trigger this issue.) When x.example.com responds with Strict-Transport-Security: headers, this bug can make the subdomain’s expiry timeout bleed over and get set for the parent domain example.com in curl’s HSTS cache. The result of a triggered bug is that HTTP accesses to example.com get converted to HTTPS for a different period of time than what was asked for by the origin server. If example.com for example stops supporting HTTPS at its expiry time, curl might then fail to access http://example.com until the (wrongly set) timeout expires. This bug can also expire the parent’s entry earlier, thus making curl inadvertently switch back to insecure HTTP earlier than otherwise intended.

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-697 Incorrect Comparison


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 6.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L

CVE-2024-11053

When configured to use a .netrc file for credentials and follow HTTP redirects, curl could leak the password from the first host to the redirect target host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits the password or both the login and password.

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVE-2024-12718

This vulnerability allows modifying some file metadata (e.g., last modified) with filter=“data” or file permissions (chmod) with filter=“tar” for files outside the extraction directory. You are affected by this vulnerability if you use the tarfile module to extract untrusted tar archives with TarFile.extractall() or TarFile.extract() and specify the filter= parameter with a value of “data” or “tar”. See the tarfile extraction filters documentation (https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter) for more information. Only Python versions 3.12 or later are affected by these vulnerabilities; earlier versions do not include the extraction filter feature. Note that for Python 3.14 or later the default value of filter= changed from “no filtering” to “data”, so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions, which are tar archives, as source distributions already allow arbitrary code execution during the build process. However, when evaluating source distributions it is important to avoid installing source distributions that contain suspicious links.

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVE-2024-41996

Validating the order of public keys in the Diffie-Hellman Key Agreement Protocol—when an approved safe prime is used—can allow remote attackers (from the client side) to trigger computationally expensive server-side DHE modular-exponentiation calculations. This can result in asymmetric resource consumption. In the basic attack scenario, the client claims that it can only communicate using DHE, and the server must be configured to allow DHE and validate the order of the public keys.

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-295 Improper Certificate Validation


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2024-47619

syslog-ng is an enhanced log daemon. Prior to version 4.8.2, `tls_wildcard_match()` matches certificates such as foo.*.bar, which is not allowed. It is also possible to pass partial wildcards such as `foo.a*c.bar` which glib matches but should be avoided or invalidated. This issue could impact TLS connections and potentially enable man-in-the-middle attacks. Version 4.8.2 contains a fix for the issue.

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-295 Improper Certificate Validation


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVE-2024-52533

gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 is affected by an off-by-one error resulting in a buffer overflow because SOCKS4_CONN_MSG_LEN is insufficient to accommodate a trailing '\0' character.

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-787 Out-of-bounds Write


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2025-0167

When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password from the first host to the redirect target host under certain circumstances. This flaw occurs only if the netrc file contains a default entry that omits both the login and password, which is a rare circumstance.

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 3.4 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

CVE-2025-0665

libcurl could incorrectly close the same eventfd file descriptor twice when closing a connection channel after completing a threaded name resolution.

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-1341 Multiple Releases of Same Resource or Handle


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVE-2025-0725

When libcurl is configured to perform automatic gzip decompression of content-encoded HTTP responses using the CURLOPT_ACCEPT_ENCODING option with zlib version 1.2.0.3 or older, an attacker-controlled integer overflow could lead to a buffer overflow in libcurl.

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-680 Integer Overflow to Buffer Overflow


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVE-2025-1390

The PAM module pam_cap.so in libcap configuration supports group names starting with “@”. During parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in unintended users being granted unintended inherited capabilities, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by creating specially crafted usernames.

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-284 Improper Access Control


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

CVE-2025-3360

An integer overflow and buffer under-read in GLib occurs when parsing an excessively long or malformed ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-190 Integer Overflow or Wraparound


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE-2025-4138

This vulnerability allows the extraction filter to be ignored, which enables symlink targets to point outside the destination directory and permits modification of some file metadata. You are affected by this vulnerability if you use the tarfile module to extract untrusted tar archives with TarFile.extractall() or TarFile.extract() and specify the filter= parameter with a value of “data” or “tar”. See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later, the default value of filter= changed from “no filtering” to “data,” so if you rely on this new default behavior, your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions, which are tar archives, as source distributions already allow arbitrary code execution during the build process. However, when evaluating source distributions, it is important to avoid installing those with suspicious links.

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2025-4330

This vulnerability allows the extraction filter to be ignored, enabling symlink targets to point outside the destination directory and permitting modification of some file metadata. You are affected by this vulnerability if you use the tarfile module to extract untrusted tar archives with TarFile.extractall() or TarFile.extract() and specify the filter= parameter with a value of “data” or “tar”. See the tarfile extraction filters documentation (https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter) for more information. Note that for Python 3.14 or later, the default value of filter= changed from “no filtering” to “data,” so if you rely on this new default behavior, your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions, which are tar archives, as source distributions already allow arbitrary code execution during the build process. However, when evaluating source distributions, it is important to avoid installing those with suspicious links.

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVE-2025-4373

GLib contains an integer overflow vulnerability in the g_string_insert_unichar() function. If the specified insertion position is excessively large, it may overflow, resulting in a buffer underwrite.

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-124 Buffer Underwrite (‘Buffer Underflow’)


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 4.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

CVE-2025-4435

When using TarFile.errorlevel = 0 and extracting with a filter, the documented behavior is that any filtered members should be skipped and not extracted. However, in affected versions, the actual behavior is that the member is still extracted and not skipped.

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-682 Incorrect Calculation


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVE-2025-4516

An issue exists in CPython when using bytes.decode("unicode_escape", errors="ignore|replace"). If you are not using the “unicode_escape” encoding or an error handler, your usage is not affected. To work around this issue, you may stop using the errors parameter and instead wrap the bytes.decode() call in a try-except block catching UnicodeDecodeError.

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-416 Use After Free


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 5.1 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2025-4517

This vulnerability allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if you use the tarfile module to extract untrusted tar archives with TarFile.extractall() or TarFile.extract() and specify the filter= parameter with a value of “data” or “tar”. See the tarfile extraction filters documentation (https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter) for more information. Note that for Python 3.14 or later, the default value of filter= changed from “no filtering” to “data,” so if you rely on this new default behavior, your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions, which are tar archives, as source distributions already allow arbitrary code execution during the build process. However, when evaluating source distributions, it is important to avoid installing those with suspicious links.
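The tarfile entries above (CVE-2025-4330 and CVE-2025-4517) both come down to link members that let extraction leave the destination directory. The following is an added example, not code from the advisory, Siemens or CPython: a lexical pre-extraction audit that flags suspicious members before `extractall()` is called. The function names `audit_tar_members`, `safe_extract` and `build_sample_archive` are hypothetical, and the archive is constructed in memory for illustration.

```python
import io
import os
import tarfile


def audit_tar_members(tar, dest):
    """Return (member name, reason) pairs for members that should not be extracted into dest."""
    root = os.path.realpath(dest)

    def inside(path):
        return os.path.commonpath([root, path]) == root

    def rel(name):
        return os.path.relpath(os.path.normpath(os.path.join(root, name)), root)

    members = tar.getmembers()
    # Paths the archive itself declares as symlinks: anything extracted
    # "below" one of them is written wherever that link points.
    declared_links = {rel(m.name) for m in members if m.issym()}

    findings = []
    for m in members:
        target = os.path.normpath(os.path.join(root, m.name))
        if os.path.isabs(m.name) or not inside(target):
            findings.append((m.name, "member path escapes destination"))
            continue
        parts = rel(m.name).split(os.sep)
        prefixes = {os.sep.join(parts[:i]) for i in range(1, len(parts))}
        if prefixes & declared_links:
            findings.append((m.name, "path passes through a symlink declared in the archive"))
            continue
        if m.issym():
            # Symlink targets are relative to the directory that holds the link.
            link = os.path.normpath(os.path.join(os.path.dirname(target), m.linkname))
            if os.path.isabs(m.linkname) or not inside(link):
                findings.append((m.name, "symlink target escapes destination"))
        elif m.islnk():
            # Hard link targets are relative to the archive root.
            link = os.path.normpath(os.path.join(root, m.linkname))
            if os.path.isabs(m.linkname) or not inside(link):
                findings.append((m.name, "hard link target escapes destination"))
        elif not (m.isfile() or m.isdir()):
            findings.append((m.name, "special file (device or FIFO)"))
    return findings


def safe_extract(fileobj, dest):
    """Audit first, then extract with the 'data' filter; refuse the whole archive on any finding."""
    if not hasattr(tarfile, "data_filter"):
        raise RuntimeError("this Python build has no tarfile extraction filters")
    with tarfile.open(fileobj=fileobj) as tar:
        findings = audit_tar_members(tar, dest)
        if findings:
            raise ValueError(f"refusing to extract: {findings}")
        tar.extractall(dest, filter="data")


def build_sample_archive():
    """Constructed sample: two benign members and three that the audit should flag."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add(name, kind=tarfile.REGTYPE, linkname="", data=b""):
            info = tarfile.TarInfo(name)
            info.type = kind
            info.linkname = linkname
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data) if data else None)

        add("docs/readme.txt", data=b"hello\n")
        add("docs/latest", tarfile.SYMTYPE, "readme.txt")  # link stays inside
        add("cfg", tarfile.SYMTYPE, "../outside")          # link leaves dest
        add("cfg/settings.ini", data=b"x=1\n")             # written through that link
        add("../sibling.txt", data=b"y\n")                 # plain traversal
    buf.seek(0)
    return buf


if __name__ == "__main__":
    with tarfile.open(fileobj=build_sample_archive()) as tar:
        for name, reason in audit_tar_members(tar, "unpack-dir"):
            print(f"{name}: {reason}")
```

The audit is lexical and does not replace the fixed interpreter; it is a second layer for pipelines that must accept archives before the update to a patched version is in place.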

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

CVE-2025-6141

A vulnerability was discovered in GNU ncurses versions up to 6.5-20250322 and classified as a security issue. This vulnerability affects the postprocess_termcap function in the file tinfo/parse_entry.c. The manipulation leads to a stack-based buffer overflow. Exploitation of this vulnerability requires local access. Upgrading to version 6.5-20250329 addresses this issue. It is recommended to upgrade the affected component.

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-121 Stack-based Buffer Overflow


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CVE-2025-9086

First, a cookie is set using the secure keyword for https://target. Second, curl is redirected to, or otherwise made to communicate with, http://target (same hostname, but using clear-text HTTP) using the same cookie. Third, the same cookie name is set, but with just a slash as the path (path=’/’). Since this site is not secure, the cookie should be ignored. Fourth, a bug in the path comparison logic causes curl to read outside a heap buffer boundary. The bug may cause a crash or lead to an incorrect comparison, allowing the clear-text site to override the contents of the secure cookie. This behavior depends on the memory contents immediately following the single-byte allocation that holds the path. The expected behavior is to ignore the second cookie, as it was already set as secure on a secure host; overriding it on an insecure host should not be permitted.

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-125 Out-of-bounds Read


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2025-9230

An application attempting to decrypt CMS messages encrypted using password-based encryption can trigger an out-of-bounds read and write. This out-of-bounds read may trigger a crash, leading to an application denial of service. The out-of-bounds write can cause memory corruption, which may lead to various consequences, including a denial of service or execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that an attacker would be able to perform it is low. Additionally, password-based (PWRI) encryption support in CMS messages is very rarely used. For that reason, the issue was assessed as moderate severity. The FIPS modules in versions 3.5, 3.4, 3.3, 3.2, 3.1, and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-787 Out-of-bounds Write


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 5.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CVE-2025-9231

A timing side-channel that could allow remote recovery of the private key exists in the SM2 algorithm implementation on 64-bit ARM platforms. A timing side-channel in SM2 signature computations on 64-bit ARM platforms could allow an attacker to recover the private key. While remote key recovery over a network was not attempted by the reporter, timing measurements revealed a signal that may enable such an attack. OpenSSL does not directly support certificates with SM2 keys in TLS; therefore, this CVE is not relevant in most TLS contexts. However, because it is possible to add support for such certificates via a custom provider, and given that the private key may be recoverable through remote timing measurements in that context, this is considered a moderate severity issue. The FIPS modules in versions 3.5, 3.4, 3.3, 3.2, 3.1, and 3.0 are not affected by this issue, as SM2 is not an approved algorithm.

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-385 Covert Timing Channel


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CVE-2025-9232

An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the ‘no_proxy’ environment variable is set, and the host portion of the authority component of the HTTP URL is an IPv6 address. An out-of-bounds read can trigger a crash, leading to an application denial of service. The OpenSSL HTTP client API functions can be used directly by applications, but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However, the URLs used by these implementations are unlikely to be controlled by an attacker. In this vulnerable code, the out-of-bounds read can only trigger a crash. Furthermore, the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function, and the user must have a ‘no_proxy’ environment variable set. For the aforementioned reasons, the issue was assessed as low severity. The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0, and 3.5.0. The FIPS modules in versions 3.5, 3.4, 3.3, 3.2, 3.1, and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary.

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-125 Out-of-bounds Read


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2025-10148

curl’s WebSocket code did not update the 32-bit mask pattern for each new outgoing frame as required by the specification. Instead, it used a fixed mask that persisted throughout the entire connection. A predictable mask pattern allows a malicious server to induce traffic between the two communicating parties. This traffic could be interpreted by an involved proxy (configured or transparent) as genuine HTTP traffic with content, thereby poisoning its cache. The poisoned cache content could then be served to all users of that proxy.
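The masking requirement described above can be checked on captured client-to-server traffic. This is an added example, not curl's code and not part of the advisory: it builds RFC 6455 client frames with a fresh 32-bit mask per frame and reports any masking key that appears on more than one frame. The function names are hypothetical and the byte streams in the usage section are constructed.

```python
import os
import struct
from collections import Counter


def encode_client_frame(payload, opcode=0x1, mask_key=None):
    """Build one masked client frame (FIN set). A new random key is drawn per frame
    unless mask_key is given, which exists only to reproduce the faulty behaviour."""
    key = os.urandom(4) if mask_key is None else mask_key
    head = bytes([0x80 | opcode])
    n = len(payload)
    if n < 126:
        head += bytes([0x80 | n])
    elif n < 1 << 16:
        head += bytes([0x80 | 126]) + struct.pack("!H", n)
    else:
        head += bytes([0x80 | 127]) + struct.pack("!Q", n)
    masked = bytes(b ^ key[i % 4] for i, b in enumerate(payload))
    return head + key + masked


def iter_mask_keys(stream):
    """Walk a byte string of back-to-back frames and yield each frame's masking key."""
    pos = 0
    while pos < len(stream):
        if len(stream) - pos < 2:
            raise ValueError("truncated frame header")
        second = stream[pos + 1]
        masked, n = bool(second & 0x80), second & 0x7F
        pos += 2
        if n == 126:
            (n,) = struct.unpack_from("!H", stream, pos)
            pos += 2
        elif n == 127:
            (n,) = struct.unpack_from("!Q", stream, pos)
            pos += 8
        if masked:
            key = bytes(stream[pos:pos + 4])
            if len(key) < 4:
                raise ValueError("truncated masking key")
            pos += 4
            yield key
        if pos + n > len(stream):
            raise ValueError("truncated payload")
        pos += n


def reused_mask_keys(stream):
    """Return {key: count} for every masking key seen on more than one frame."""
    counts = Counter(iter_mask_keys(stream))
    return {key: count for key, count in counts.items() if count > 1}


if __name__ == "__main__":
    payloads = (b"hello", b"x" * 200, b"bye")  # constructed sample payloads
    # Faulty sender: one mask for the whole connection.
    fixed = bytes.fromhex("11223344")
    faulty = b"".join(encode_client_frame(p, mask_key=fixed) for p in payloads)
    # Conforming sender: new mask for each frame.
    conforming = b"".join(encode_client_frame(p) for p in payloads)
    print("faulty:", reused_mask_keys(faulty))
    print("conforming:", reused_mask_keys(conforming))
```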

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-340 Generation of Predictable Numbers or Identifiers


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVE-2025-27587

OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, an attacker can compare signing times of full-sized nonces to those of signatures using smaller nonces through statistical tests. There is a side-channel in the P-364 curve that allows private key extraction. Additionally, there is a dependency between the bit size of K and the size of the side channel. This CVE is disputed because the OpenSSL security policy explicitly states that any side channels requiring the same physical system to be detected are outside the software’s threat model. The timing signal is so small that it cannot be detected without the attacking process running on the same physical system.

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-385 Covert Timing Channel


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2025-32433

Erlang/OTP is a collection of libraries and tools for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server could allow an attacker to perform unauthenticated remote code execution. By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access and execute arbitrary commands without valid credentials. This issue is resolved in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or preventing access via firewall rules.

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-306 Missing Authentication for Critical Function


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 10 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVE-2025-38084

In the Linux kernel, the following vulnerability has been resolved: “mm/hugetlb: unshare page tables during VMA split, not before.” Currently, __split_vma() triggers hugetlb page table unsharing through vm_ops->may_split(). This happens before the VMA lock and rmap locks are taken, which is too early. It allows racing VMA-locked page faults in the process and racing rmap walks from other processes to cause page tables to be shared again before the split occurs. This is fixed by explicitly calling the hugetlb unshare logic from __split_vma() in the same place where THP splitting also occurs. At that point, both the VMA and the rmap(s) are write-locked. A notable detail is that the helper hugetlb_unshare_pmds() can be called from two different locking contexts: First, from hugetlb_split(), holding: mmap lock (exclusively), VMA lock, file rmap lock (exclusively). Second, from hugetlb_unshare_all_pmds(), which appears to be designed to call with only the mmap lock held (in shared mode), but currently only runs while holding the mmap lock and VMA lock. This commit fixes a race condition introduced in commit b30c14cd6102 (“hugetlb: unshare some PMDs when splitting VMAs”). That commit claimed to fix an issue introduced in 5.13, but the fix should also apply to earlier versions.

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-20 Improper Input Validation


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-38085

In the Linux kernel, the following vulnerability has been resolved: “mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race.” huge_pmd_unshare() drops a reference on a page table that may have previously been shared across processes. This can potentially turn it into a normal page table used in another process, where unrelated VMAs can later be installed. If this occurs during a concurrent gup_fast() operation, the function could end up walking the page tables of another process. Although this does not appear to immediately lead to kernel memory corruption, it is highly unusual and unexpected. This is resolved by using an explicit broadcast IPI through tlb_remove_table_sync_one(), similar to the approach used in khugepaged when removing page tables for a THP collapse.

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-20 Improper Input Validation


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-38086

In the Linux kernel, the following vulnerability has been resolved: “net: ch9200: fix uninitialised access during mii_nway_restart.” In mii_nway_restart(), the code attempts to call mii->mdio_read, which is ch9200_mdio_read(). ch9200_mdio_read() uses a local buffer called buff, which is initialized with control_read(). However, buff is conditionally initialized inside control_read(). If the condition err == size is not met, then buff remains uninitialized. Once this happens, the uninitialized buff is accessed and returned during ch9200_mdio_read(). The problem stems from the fact that ch9200_mdio_read() ignores the return value of control_read(), leading to uninitialized access of buff. To fix this, the return value of control_read() should be checked and return early on error.

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version

Relevant CWE: CWE-20 Improper Input Validation


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-38345

In the Linux kernel, the following vulnerability has been resolved: “ACPICA: fix ACPI operand cache leak in dswstate.c.” An ACPI cache leak was identified during early termination and continued boot scenarios. When early termination occurs due to a malicious ACPI table, the Linux kernel terminates the ACPI function and continues the boot process. While the kernel terminates the ACPI function, kmem_cache_destroy() reports an Acpi-Operand cache leak. Analysis revealed that the acpi_ds_obj_stack_pop_and_delete() function miscalculated the top of the stack. The acpi_ds_obj_stack_push() function uses walk_state->operand_index for the start position of the top, but acpi_ds_obj_stack_pop_and_delete() considers index 0. This mismatch causes an ACPI operand memory leak. This cache leak poses a security risk because older kernels (<= 4.9) display memory locations of kernel functions in stack dumps. Malicious users could exploit this information to bypass kernel ASLR. A patch was developed to fix the ACPI operand cache leak.

Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version


Relevant CWE: CWE-20 Improper Input Validation


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-38350

In the Linux kernel, the following vulnerability has been resolved: “net/sched: Always pass notifications when child class becomes empty.” Certain classful qdiscs may invoke their classes’ dequeue handler during an enqueue operation. This may unexpectedly empty the child qdisc, causing an in-flight class to become passive via qlen_notify(). Most qdiscs do not expect such behavior at this point and may eventually re-activate the class anyway, which can lead to a use-after-free. The referenced fix commit attempted to address this behavior for the HFSC case by adjusting backlog accounting. However, this proved incomplete because the parent’s parent may also encounter the issue. Because backlog accounting issues causing use-after-free on stale class pointers have become a recurring problem, this patch takes a different approach. Instead of attempting to fix the accounting, the patch ensures that qdisc_tree_reduce_backlog() always calls qlen_notify() when the child qdisc is empty. This solves the problem because deletion of qdiscs always involves a call to qdisc_reset() and / or qdisc_purge_queue() which ultimately resets its qlen to 0 thus causing the following qdisc_tree_reduce_backlog() to report to the parent. Note that this may call qlen_notify() on passive classes multiple times. This is not an issue after the recent patch series that made all classful qdiscs’ qlen_notify() handlers idempotent.



Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version


Relevant CWE: CWE-20 Improper Input Validation


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CVE-2025-38498

In the Linux kernel, the following vulnerability has been resolved: “do_change_type(): refuse to operate on unmounted or non-owned mounts.” This change ensures that propagation settings can only be modified for mounts located in the caller’s mount namespace. This change aligns permission checking with the behavior of other mount(2) system calls.



Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version


Relevant CWE: CWE-20 Improper Input Validation


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H

CVE-2025-39839

In the Linux kernel, the following vulnerability has been resolved: “batman-adv: fix out-of-bounds read/write in network-coding decode.” batadv_nc_skb_decode_packet() trusts coded_len and checks it only against skb->len. The XOR starts at sizeof(struct batadv_unicast_packet), which reduces the payload headroom. Additionally, the source skb length is not verified, allowing an out-of-bounds read and a small out-of-bounds write. The fix ensures that coded_len fits within the payload area of both the destination and source sk_buff structures before the XOR operations are performed.



Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version


Relevant CWE: CWE-20 Improper Input Validation


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39841

In the Linux kernel, the following vulnerability has been resolved: “scsi: lpfc: Fix buffer free/clear order in deferred receive path.” This change addresses a use-after-free vulnerability by correcting the buffer release sequence in the deferred receive path. The code freed the RQ buffer first and only then cleared the context pointer under the lock. Concurrent paths (e.g., ABTS and the repost path) also inspect and release the same pointer under the lock, so the previous order could lead to a double-free or use-after-free condition. Note that the repost path already uses the correct pattern: detach the pointer under the lock, then free it after dropping the lock. The deferred path now follows the same pattern.



Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version


Relevant CWE: CWE-20 Improper Input Validation


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-39846

In the Linux kernel, the following vulnerability has been resolved: “pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region().” In __iodyn_find_io_region(), pcmcia_make_resource() is assigned to res and used in pci_bus_alloc_resource(). res is dereferenced in pci_bus_alloc_resource(), which could lead to a NULL pointer dereference if pcmcia_make_resource() fails. This issue is resolved by adding a check for res.



Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version


Relevant CWE: CWE-20 Improper Input Validation


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39853

In the Linux kernel, the following vulnerability has been resolved: “i40e: Fix potential invalid access when MAC list is empty.” list_first_entry() never returns NULL—if the list is empty, it still returns a pointer to an invalid object, which can lead to invalid memory access when dereferenced. This issue is resolved by using list_first_entry_or_null() instead of list_first_entry().
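The difference between the two helpers, as an added user-space example (not code from the advisory or from the kernel): the list macros are simplified re-implementations, and `struct mac_filter`, `struct owner` and the function names are hypothetical. On an empty list the unchecked helper returns the list head itself reinterpreted as an element, while the `_or_null` variant returns NULL.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified user-space re-implementation of the kernel's intrusive list. */
struct list_head { struct list_head *next, *prev; };

#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))
/* Never NULL: on an empty list, head->next is the head itself. */
#define list_first_entry(head, type, member) \
    container_of((head)->next, type, member)
/* NULL when the list is empty. */
#define list_first_entry_or_null(head, type, member) \
    ((head)->next != (head) ? container_of((head)->next, type, member) : NULL)

static void init_list_head(struct list_head *h) { h->next = h; h->prev = h; }

static void list_add_tail(struct list_head *n, struct list_head *h)
{
    n->prev = h->prev;
    n->next = h;
    h->prev->next = n;
    h->prev = n;
}

/* Hypothetical list element (assumption, not the driver's real layout). */
struct mac_filter {
    unsigned char addr[6];
    int state;
    struct list_head list;
};

/* Hypothetical owner: unrelated state sits in front of the list head. */
struct owner {
    unsigned char unrelated[64];
    struct list_head mac_list;
};

/* Pre-fix pattern: always returns a pointer, valid or not. */
static struct mac_filter *first_unchecked(struct owner *o)
{
    return list_first_entry(&o->mac_list, struct mac_filter, list);
}

/* Post-fix pattern: the caller can test for NULL before dereferencing. */
static struct mac_filter *first_checked(struct owner *o)
{
    return list_first_entry_or_null(&o->mac_list, struct mac_filter, list);
}

/* 1 if p lies inside the owner's own storage, i.e. it is not a real entry. */
static int points_into_owner(const struct owner *o, const struct mac_filter *p)
{
    uintptr_t lo = (uintptr_t)o, q = (uintptr_t)p;
    return q >= lo && q < lo + sizeof(*o);
}

int main(void)
{
    struct owner o;
    struct mac_filter f;

    memset(&o, 0, sizeof(o));
    memset(&f, 0, sizeof(f));
    init_list_head(&o.mac_list);

    /* Empty list: the unchecked pointer aliases the owner's unrelated bytes. */
    struct mac_filter *bogus = first_unchecked(&o);
    printf("empty, unchecked: non-NULL=%d aliases owner=%d\n",
           bogus != NULL, points_into_owner(&o, bogus));
    printf("empty, checked:   NULL=%d\n", first_checked(&o) == NULL);

    /* One real element: both helpers agree. */
    list_add_tail(&f.list, &o.mac_list);
    printf("one entry: same pointer=%d\n",
           first_unchecked(&o) == first_checked(&o));
    return 0;
}
```

The bogus pointer is never dereferenced here; in kernel code, reading or writing through it touches whatever fields happen to precede the list head.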



Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version


Relevant CWE: CWE-20 Improper Input Validation


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39860

In the Linux kernel, the following vulnerability has been resolved: “Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen().” In the crash report, a single thread calling bt_accept_dequeue() freed sk and accessed it afterward. The root cause appears to be the racy l2cap_sock_cleanup_listen() call introduced by the cited commit. bt_accept_dequeue() is called under lock_sock() except when invoked by l2cap_sock_release(). Two threads could see the same socket during the list iteration in bt_accept_dequeue(). Depending on timing, the other thread could appear in the “Freed by task” section. The fix ensures that l2cap_sock_cleanup_listen() is called under lock_sock() in l2cap_sock_release().



Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version


Relevant CWE: CWE-20 Improper Input Validation


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CVE-2025-39864

In the Linux kernel, the following vulnerability has been resolved: “wifi: cfg80211: fix use-after-free in cmp_bss().” Following the bss_free() quirk introduced in commit 776b3580178f (“cfg80211: track hidden SSID networks properly”), update cfg80211_update_known_bss() to free the last beacon frame elements only if they are not shared via the corresponding hidden_beacon_bss pointer.



Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version


Relevant CWE: CWE-20 Improper Input Validation


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-39865

In the Linux kernel, the following vulnerability has been resolved: “tee: fix NULL pointer dereference in tee_shm_put().” tee_shm_put() has a NULL pointer dereference. Add a NULL check in tee_shm_put() to resolve the issue.



Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version


Relevant CWE: CWE-20 Improper Input Validation


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-59375

Expat versions prior to 2.7.2 allow attackers to trigger large dynamic memory allocations via a small document submitted for parsing.



Affected Products

Siemens SINEC OS
Vendor:
Siemens
Product Version:
RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2×230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2×230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)
Product Status:
known_affected
Remediations

Vendor fix
Update to V3.3 or later version


Relevant CWE: CWE-770 Allocation of Resources Without Limits or Throttling


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Acknowledgments

  • Siemens reported these vulnerabilities to CISA.

General Recommendations

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens’ operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity


Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories


Terms of Use

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.


Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).


Recommended Practices

CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.


Advisory Conversion Disclaimer

This ICSA is a verbatim republication of Siemens ProductCERT SSA-089022 from a direct conversion of the vendor’s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA’s website as a means of increasing visibility and is provided “as-is” for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.

Revision History

  • Initial Release Date: 2026-01-28
Date Revision Summary
2026-01-28 1 Publication Date
2026-02-12 2 Initial CISA Republication of Siemens SSA-089022 advisory


Siemens Siveillance Video Management Servers


Summary

The Webhooks implementation of Siveillance Video Management Servers contains a vulnerability that could allow an authenticated remote attacker with read-only privileges to achieve full access to the Webhooks API. Siemens has released new versions for the affected products and recommends updating to the latest versions.

The following versions of Siemens Siveillance Video Management Servers are affected:

  • Siveillance Video V2023 R1: All versions < V23.1 HotfixRev18
  • Siveillance Video V2023 R2: All versions < V23.2 HotfixRev18
  • Siveillance Video V2023 R3: All versions < V23.3 HotfixRev23
  • Siveillance Video V2024 R1: All versions < V24.1 HotfixRev14
  • Siveillance Video V2025: All versions < V25.1 HotfixRev8
CVSS: v3 6.3
Vendor: Siemens
Equipment: Siemens Siveillance Video Management Servers
Vulnerabilities: Missing Authorization

Background

  • Critical Infrastructure Sectors: Critical Manufacturing
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Germany

Vulnerabilities


CVE-2025-0836

A Missing Authorization vulnerability in Milestone Systems XProtect VMS allows users with read-only access to the Management Server to have full read/write access to the MIP Webhooks API.



Affected Products

Siemens Siveillance Video Management Servers
Vendor:
Siemens
Product Version:
Siveillance Video V2023 R1, Siveillance Video V2023 R2, Siveillance Video V2023 R3, Siveillance Video V2024 R1, Siveillance Video V2025
Product Status:
known_affected
Remediations

Mitigation
If, for any reason, it is not possible to install the latest patch, we recommend auditing your role security settings and treating everyone with read-only access to the Management Server as having full access to the Webhooks configuration.

Vendor fix
Update to V23.1 HotfixRev18 or later version

Vendor fix
Update to V23.2 HotfixRev18 or later version

Vendor fix
Update to V23.3 HotfixRev23 or later version

Vendor fix
Update to V24.1 HotfixRev14 or later version

Vendor fix
Update to V25.1 HotfixRev8 or later version

Relevant CWE: CWE-862 Missing Authorization


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Acknowledgments

  • Siemens ProductCERT reported this vulnerability to CISA.
  • Milestone PSIRT reported this vulnerability to Siemens.

General Recommendations

As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.


Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories


Terms of Use

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.


Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).


Recommended Practices

CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.


Advisory Conversion Disclaimer

This ICSA is a verbatim republication of Siemens ProductCERT SSA-625934 from a direct conversion of the vendor’s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA’s website as a means of increasing visibility and is provided “as-is” for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.

Revision History

  • Initial Release Date: 2026-02-10
Date Revision Summary
2026-02-10 1 Publication Date
2026-02-12 2 Initial CISA Republication of Siemens ProductCERT SSA-625934 advisory


Siemens NX


Summary

Siemens NX is affected by multiple file parsing vulnerabilities that could be triggered when the application reads files in CGM format. If a user is tricked into opening a malicious file with any of the affected products, this could cause the application to crash or potentially lead to arbitrary code execution. Siemens has released a new version of NX and recommends updating to the latest version.

The following versions of Siemens NX are affected:

  • NX vers:intdot/<2512 (CVE-2026-22923, CVE-2026-22924, CVE-2026-22925)
CVSS: v3 7.8
Vendor: Siemens
Equipment: Siemens NX
Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Read

Background

  • Critical Infrastructure Sectors: Critical Manufacturing
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Germany

Vulnerabilities


CVE-2026-22923

The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.



Affected Products

Siemens NX
Vendor:
Siemens
Product Version:
NX
Product Status:
known_affected
Remediations

Mitigation
Do not open untrusted CGM files in affected applications

Vendor fix
Update to V2512 or later version

Relevant CWE: CWE-121 Stack-based Buffer Overflow


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2026-22924

The affected application contains an out-of-bounds read vulnerability that could be triggered while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.



Affected Products

Siemens NX
Vendor:
Siemens
Product Version:
NX
Product Status:
known_affected
Remediations

Mitigation
Do not open untrusted CGM files in affected applications

Vendor fix
Update to V2512 or later version

Relevant CWE: CWE-125 Out-of-bounds Read


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2026-22925

The affected application contains an out-of-bounds read vulnerability that could be triggered while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.



Affected Products

Siemens NX
Vendor:
Siemens
Product Version:
NX
Product Status:
known_affected
Remediations

Mitigation
Do not open untrusted CGM files in affected applications

Vendor fix
Update to V2512 or later version

Relevant CWE: CWE-125 Out-of-bounds Read


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Acknowledgments

  • Siemens ProductCERT reported these vulnerabilities to CISA.
  • Michael Heinzl reported this vulnerability to Siemens.

General Recommendations

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens’ operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity


Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories


Terms of Use

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.


Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).


Recommended Practices

CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.


Advisory Conversion Disclaimer

This ICSA is a verbatim republication of Siemens ProductCERT SSA-535115 from a direct conversion of the vendor’s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA’s website as a means of increasing visibility and is provided “as-is” for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.

Revision History

  • Initial Release Date: 2026-02-10
Date Revision Summary
2026-02-10 1 Publication Date
2026-02-12 2 Initial CISA Republication of Siemens ProductCERT SSA-535115 advisory
