Author: Admin @CloudCentric

Schneider Electric EcoStruxure Data Center Expert

Summary

Schneider Electric is aware of a hard-coded credentials vulnerability in its EcoStruxure IT Data Center Expert (DCE) product that requires administrator credentials and enabling a feature (SOCKS Proxy) that is off by default. The EcoStruxure IT Data Center Expert product is a scalable monitoring software that collects, organizes, and distributes critical device information providing a comprehensive view of equipment. Failure to apply the remediation provided below may risk information disclosure, and remote compromise of the offer which could result in disruption of operations and access to system data.

The following versions of Schneider Electric EcoStruxure Data Center Expert are affected:

  • EcoStruxure IT Data Center Expert vers:intdot/<=9.0
  • EcoStruxure IT Data Center Expert 9.1
CVSS: v3 7.2
Vendor: Schneider Electric
Equipment: Schneider Electric EcoStruxure Data Center Expert
Vulnerabilities: Use of Hard-coded Credentials

Background

  • Critical Infrastructure Sectors: Commercial Facilities, Energy, Food and Agriculture, Government Services and Facilities, Transportation Systems
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: France

Vulnerabilities

CVE-2025-13957

A hard-coded credentials vulnerability exists that could lead to information disclosure and remote code execution when SOCKS Proxy is enabled, and administrator credentials and PostgreSQL database credentials are known. SOCKS Proxy is disabled by default.


Affected Products

Schneider Electric EcoStruxure Data Center Expert
Vendor:
Schneider Electric
Product Version:
EcoStruxure IT Data Center Expert (Formerly known as StruxureWare Data Center Expert) v9.0 and prior
Product Status:
fixed, known_affected
Remediations

Vendor fix
v9.1 of EcoStruxure IT Data Center Expert includes a fix for this vulnerability and is available for download here: https://www.se.com/en/product-range/61851-ecostruxure-it-data-center-expert/#software-and-firmware

Mitigation
If users choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit:

  • Harden the DCE instance according to the cybersecurity best practices documented in the EcoStruxure IT Data Center Expert Security Handbook.
  • Ensure the SOCKS Proxy is disabled as in the default configuration.

Mitigation
For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-069-05 Use of Hard-coded Credentials vulnerability in EcoStruxure IT Data Center Expert PDF Version https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-069-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-069-05.pdf

Mitigation
For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-069-05 Use of Hard-coded Credentials vulnerability in EcoStruxure IT Data Center Expert CSAF Version https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-069-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-069-05.json

Relevant CWE: CWE-798 Use of Hard-coded Credentials


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Acknowledgments

  • hassan ali of TrendAI Zero Day Initiative reported this vulnerability to Schneider Electric

General Security Recommendations

Schneider Electric strongly recommends the following industry cybersecurity best practices:

  • Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network.
  • Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks.
  • Place all controllers in locked cabinets and never leave them in the “Program” mode.
  • Never connect programming software to any network other than the network intended for that device.
  • Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks.
  • Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation.
  • Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the Internet.
  • When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.

For more information refer to the Schneider Electric [Recommended Cybersecurity Best Practices](https://www.se.com/us/en/download/document/7EN52-0390/) document.


For More Information

This document provides an overview of the identified vulnerability or vulnerabilities and actions required to mitigate. For more details and assistance on how to protect your installation, contact your local Schneider Electric representative or Schneider Electric Industrial Cybersecurity Services: https://www.se.com/ww/en/work/solutions/cybersecurity/. These organizations will be fully aware of this situation and can support you through the process. For further information related to cybersecurity in Schneider Electric’s products, visit the company’s cybersecurity support portal page: https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp


LEGAL DISCLAIMER

THIS NOTIFICATION DOCUMENT, THE INFORMATION CONTAINED HEREIN, AND ANY MATERIALS LINKED FROM IT (COLLECTIVELY, THIS “NOTIFICATION”) ARE INTENDED TO HELP PROVIDE AN OVERVIEW OF THE IDENTIFIED SITUATION AND SUGGESTED MITIGATION ACTIONS, REMEDIATION, FIX, AND/OR GENERAL SECURITY RECOMMENDATIONS AND IS PROVIDED ON AN “AS-IS” BASIS WITHOUT WARRANTY OR GUARANTEE OF ANY KIND. SCHNEIDER ELECTRIC DISCLAIMS ALL WARRANTIES RELATING TO THIS NOTIFICATION, EITHER EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SCHNEIDER ELECTRIC MAKES NO WARRANTY THAT THE NOTIFICATION WILL RESOLVE THE IDENTIFIED SITUATION. IN NO EVENT SHALL SCHNEIDER ELECTRIC BE LIABLE FOR ANY DAMAGES OR LOSSES WHATSOEVER IN CONNECTION WITH THIS NOTIFICATION, INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF SCHNEIDER ELECTRIC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. YOUR USE OF THIS NOTIFICATION IS AT YOUR OWN RISK, AND YOU ARE SOLELY LIABLE FOR ANY DAMAGES TO YOUR SYSTEMS OR ASSETS OR OTHER LOSSES THAT MAY RESULT FROM YOUR USE OF THIS NOTIFICATION. SCHNEIDER ELECTRIC RESERVES THE RIGHT TO UPDATE OR CHANGE THIS NOTIFICATION AT ANY TIME AND IN ITS SOLE DISCRETION


About Schneider Electric

Schneider’s purpose is to create Impact by empowering all to make the most of our energy and resources, bridging progress and sustainability for all. We call this Life Is On. Our mission is to be the trusted partner in Sustainability and Efficiency. We are a global industrial technology leader bringing world-leading expertise in electrification, automation and digitization to smart industries, resilient infrastructure, future-proof data centers, intelligent buildings, and intuitive homes. Anchored by our deep domain expertise, we provide integrated end-to-end lifecycle AI enabled Industrial IoT solutions with connected products, automation, software and services, delivering digital twins to enable profitable growth for our customers. We are a people company with an ecosystem of 150,000 colleagues and more than a million partners operating in over 100 countries to ensure proximity to our customers and stakeholders. We embrace diversity and inclusion in everything we do, guided by our meaningful purpose of a sustainable future for all. www.se.com


Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).


Recommended Practices

CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.


Advisory Conversion Disclaimer

This ICSA is a verbatim republication of Schneider Electric CPCERT SEVD-2026-069-05 from a direct conversion of the vendor’s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA’s website as a means of increasing visibility and is provided “as-is” for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Schneider Electric CPCERT directly for any questions regarding this advisory.

Revision History

  • Initial Release Date: 2026-03-10
Date Revision Summary
2026-03-10 1 Original Release
2026-03-17 2 Initial CISA Republication of Schneider Electric SEVD-2026-069-05 advisory

Siemens SICAM SIAPP SDK

Summary

The SICAM SIAPP SDK contains multiple vulnerabilities that could allow an attacker to disrupt the customer-developed SIAPP or its simulation environment. Potential impacts include denial of service within the SIAPP, corruption of SIAPP data, or exploitation of the simulation environment. These vulnerabilities are only exploitable if the API is used improperly or hardening measures are not applied. Siemens has released a new version of SICAM SIAPP SDK and recommends updating to the latest version.

The following versions of Siemens SICAM SIAPP SDK are affected:

  • SICAM SIAPP SDK vers:intdot/<2.1.7
CVSS: v3 7.4
Vendor: Siemens
Equipment: Siemens SICAM SIAPP SDK
Vulnerabilities: Out-of-bounds Write, Stack-based Buffer Overflow, Improper Handling of Length Parameter Inconsistency, External Control of File Name or Path

Background

  • Critical Infrastructure Sectors: Critical Manufacturing
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Germany

Vulnerabilities

CVE-2026-25569

An out-of-bounds write vulnerability exists in SICAM SIAPP SDK. This could allow an attacker to write data beyond the intended buffer, potentially leading to denial of service, or arbitrary code execution.


Affected Products

Siemens SICAM SIAPP SDK
Vendor:
Siemens
Product Version:
SICAM SIAPP SDK
Product Status:
known_affected
Remediations

Vendor fix
Update to V2.1.7 or later

Relevant CWE: CWE-787 Out-of-bounds Write


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.4 HIGH CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2026-25570

The SICAM SIAPP SDK does not perform checks on input values potentially resulting in stack overflow. This could allow an attacker to perform code execution and denial of service.


Affected Products

Siemens SICAM SIAPP SDK
Vendor:
Siemens
Product Version:
SICAM SIAPP SDK
Product Status:
known_affected
Remediations

Vendor fix
Update to V2.1.7 or later

Relevant CWE: CWE-121 Stack-based Buffer Overflow


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.4 HIGH CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2026-25571

The SICAM SIAPP SDK client component does not enforce maximum length checks on certain variables before use. This could allow an attacker to send an oversized input that could trigger a stack overflow crashing the process and potentially causing denial of service.


Affected Products

Siemens SICAM SIAPP SDK
Vendor:
Siemens
Product Version:
SICAM SIAPP SDK
Product Status:
known_affected
Remediations

Vendor fix
Update to V2.1.7 or later

Relevant CWE: CWE-130 Improper Handling of Length Parameter Inconsistency


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 5.1 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2026-25572

The SICAM SIAPP SDK server component does not enforce maximum length checks on certain variables before use. This could allow an attacker to send an oversized input that could trigger a stack overflow crashing the process and potentially causing denial of service.


Affected Products

Siemens SICAM SIAPP SDK
Vendor:
Siemens
Product Version:
SICAM SIAPP SDK
Product Status:
known_affected
Remediations

Vendor fix
Update to V2.1.7 or later

Relevant CWE: CWE-130 Improper Handling of Length Parameter Inconsistency


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 5.1 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2026-25573

The affected application builds shell commands with caller-provided strings and executes them. An attacker could influence the executed command, potentially resulting in command injection and full system compromise.


Affected Products

Siemens SICAM SIAPP SDK
Vendor:
Siemens
Product Version:
SICAM SIAPP SDK
Product Status:
known_affected
Remediations

Vendor fix
Update to V2.1.7 or later

Relevant CWE: CWE-73 External Control of File Name or Path


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.4 HIGH CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2026-25605

The affected application performs file deletion without properly validating the file path or target. An attacker could delete files or sockets that the affected process has permission to remove, potentially resulting in denial of service or service disruption.


Affected Products

Siemens SICAM SIAPP SDK
Vendor:
Siemens
Product Version:
SICAM SIAPP SDK
Product Status:
known_affected
Remediations

Vendor fix
Update to V2.1.7 or later

Relevant CWE: CWE-73 External Control of File Name or Path


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Acknowledgments

  • Siemens ProductCERT reported these vulnerabilities to CISA.
  • Maxime Rossi Bellom of Secmate reported these vulnerabilities to Siemens.

General Recommendations

Operators of critical power systems (e.g. TSOs or DSOs) worldwide are usually required by regulations to build resilience into the power grids by applying multi-level redundant secondary protection schemes. It is therefore recommended that the operators check whether appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid’s reliability can thus be minimized by virtue of the grid design.

Siemens strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens strongly recommends prior validation of any security update before being applied, and supervision by trained staff of the update process in the target environment.

As a general security measure, Siemens strongly recommends protecting network access with appropriate mechanisms (e.g. firewalls, segmentation, VPN). It is advised to configure the environment according to Siemens’ operational guidelines in order to run the devices in a protected IT environment. Recommended security guidelines can be found at: https://www.siemens.com/gridsecurity


Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories


Terms of Use

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.


Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).


Recommended Practices

CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.


Advisory Conversion Disclaimer

This ICSA is a verbatim republication of Siemens ProductCERT SSA-903736 from a direct conversion of the vendor’s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA’s website as a means of increasing visibility and is provided “as-is” for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.

Revision History

  • Initial Release Date: 2026-03-10
Date Revision Summary
2026-03-10 1 Publication Date
2026-03-17 2 Initial CISA Republication of Siemens ProductCERT SSA-903736 advisory

Trane Tracer SC, Tracer SC+, and Tracer Concierge

Summary

Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, execute arbitrary commands, or perform a denial-of-service on the product.

The following versions of Trane Tracer SC, Tracer SC+, and Tracer Concierge are affected:

  • Tracer SC
  • Tracer SC+
  • Tracer Concierge
CVSS: v3 8.1
Vendor: Trane
Equipment: Trane Tracer SC, Tracer SC+, and Tracer Concierge
Vulnerabilities: Use of a Broken or Risky Cryptographic Algorithm, Memory Allocation with Excessive Size Value, Missing Authorization, Use of Hard-coded Credentials, Use of Hard-coded, Security-relevant Constants

Background

  • Critical Infrastructure Sectors: Critical Manufacturing
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Ireland

Vulnerabilities

CVE-2026-28252

A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to bypass authentication and gain root-level access to the device.


Affected Products

Trane Tracer SC, Tracer SC+, and Tracer Concierge
Vendor:
Trane
Product Version:
Trane Tracer SC: <v4.4_SP7, Trane Tracer SC+: <v6.3.2310, Trane Tracer Concierge: <v6.3.2310
Product Status:
known_affected
Remediations

Vendor fix
Trane has released the following versions of Tracer SC+ for users to upgrade to:

Vendor fix
CVE-2026-28252, CVE-2026-28253, CVE-2026-28254: Tracer SC+ version v6.30.2313

Relevant CWE: CWE-327 Use of a Broken or Risky Cryptographic Algorithm


Metrics

CVSS Version Base Score Base Severity Vector String
3.0 8.1 HIGH CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2026-28253

A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition.


Affected Products

Trane Tracer SC, Tracer SC+, and Tracer Concierge
Vendor:
Trane
Product Version:
Trane Tracer SC: <v4.4_SP7, Trane Tracer SC+: <v6.3.2310, Trane Tracer Concierge: <v6.3.2310
Product Status:
known_affected
Remediations

Vendor fix
Trane has released the following versions of Tracer SC+ for users to upgrade to:

Vendor fix
CVE-2026-28252, CVE-2026-28253, CVE-2026-28254: Tracer SC+ version v6.30.2313

Relevant CWE: CWE-789 Memory Allocation with Excessive Size Value


Metrics

CVSS Version Base Score Base Severity Vector String
3.0 7.5 HIGH CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2026-28254

A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through unprotected APIs.


Affected Products

Trane Tracer SC, Tracer SC+, and Tracer Concierge
Vendor:
Trane
Product Version:
Trane Tracer SC: <v4.4_SP7, Trane Tracer SC+: <v6.3.2310, Trane Tracer Concierge: <v6.3.2310
Product Status:
known_affected
Remediations

Vendor fix
Trane has released the following versions of Tracer SC+ for users to upgrade to:

Vendor fix
CVE-2026-28252, CVE-2026-28253, CVE-2026-28254: Tracer SC+ version v6.30.2313

Relevant CWE: CWE-862 Missing Authorization


Metrics

CVSS Version Base Score Base Severity Vector String
3.0 5.8 MEDIUM CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

CVE-2026-28255

A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.


Affected Products

Trane Tracer SC, Tracer SC+, and Tracer Concierge
Vendor:
Trane
Product Version:
Trane Tracer SC: <v4.4_SP7, Trane Tracer SC+: <v6.3.2310, Trane Tracer Concierge: <v6.3.2310
Product Status:
known_affected
Remediations

Vendor fix
Trane has released the following versions of Tracer SC+ for users to upgrade to:

Mitigation
CVE-2026-28255: Trane has implemented enhanced cloud security controls to mitigate this vulnerability.

Relevant CWE: CWE-798 Use of Hard-coded Credentials


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CVE-2026-28256

A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.


Affected Products

Trane Tracer SC, Tracer SC+, and Tracer Concierge
Vendor:
Trane
Product Version:
Trane Tracer SC: <v4.4_SP7, Trane Tracer SC+: <v6.3.2310, Trane Tracer Concierge: <v6.3.2310
Product Status:
known_affected
Remediations

Vendor fix
Trane has released the following versions of Tracer SC+ for users to upgrade to:

Mitigation
CVE-2026-28256: Trane has implemented enhanced security controls which have been communicated to their customers. For more information, contact Trane.

Relevant CWE: CWE-547 Use of Hard-coded, Security-relevant Constants


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 5.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

Acknowledgments

  • Noam Moshe of Claroty reported these vulnerabilities to CISA

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).


Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Do not click web links or open attachments in unsolicited email messages.

Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.


Revision History

  • Initial Release Date: 2026-03-12
Date Revision Summary
2026-03-12 1 Initial Publication

Siemens RUGGEDCOM APE1808 Devices

Summary

Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version of RUGGEDCOM APE1808 and recommends updating to the latest version.

The following versions of Siemens RUGGEDCOM APE1808 Devices are affected:

  • RUGGEDCOM APE1808 vers:all/*, vers:all/* (CVE-2026-24858, CVE-2025-55018, CVE-2025-62439, CVE-2025-64157)
CVSS: v3 9.8
Vendor: Siemens
Equipment: Siemens RUGGEDCOM APE1808 Devices
Vulnerabilities: Inconsistent Interpretation of HTTP Requests (‘HTTP Request/Response Smuggling’), Improper Verification of Source of a Communication Channel, Use of Externally-Controlled Format String, Authentication Bypass Using an Alternate Path or Channel

Background

  • Critical Infrastructure Sectors: Critical Manufacturing, Energy, Transportation Systems
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Germany

Vulnerabilities

CVE-2025-55018

An inconsistent interpretation of HTTP requests (‘HTTP request smuggling’) vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged HTTP request through the firewall policies via a specially crafted header.


Affected Products

Siemens RUGGEDCOM APE1808 Devices
Vendor:
Siemens
Product Version:
RUGGEDCOM APE1808
Product Status:
known_affected
Remediations

Vendor fix
Update Fortigate NGFW to V7.4.10 or later version. Contact customer support to receive patch and update information.

Mitigation
For more information see the associated Siemens security advisory SSA-975644 in HTML https://cert-portal.siemens.com/productcert/html/ssa-975644.html

Mitigation
For more information see the associated Siemens security advisory SSA-975644 in CSAF https://cert-portal.siemens.com/productcert/csaf/ssa-975644.json

Relevant CWE: CWE-444 Inconsistent Interpretation of HTTP Requests (‘HTTP Request/Response Smuggling’)


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 5.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CVE-2025-62439

An inconsistent interpretation of HTTP requests (‘HTTP request smuggling’) vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged HTTP request through the firewall policies via a specially crafted header.


Affected Products

Siemens RUGGEDCOM APE1808 Devices
Vendor:
Siemens
Product Version:
RUGGEDCOM APE1808
Product Status:
known_affected
Remediations

Vendor fix
Update Fortigate NGFW to V7.4.10 or later version with FSSO TS Agent version 5.0 build 0324 or later version. Contact customer support to receive patch and update information.

Mitigation
For more information see the associated Siemens security advisory SSA-975644 in HTML https://cert-portal.siemens.com/productcert/html/ssa-975644.html

Mitigation
For more information see the associated Siemens security advisory SSA-975644 in CSAF https://cert-portal.siemens.com/productcert/csaf/ssa-975644.json

Relevant CWE: CWE-940 Improper Verification of Source of a Communication Channel


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 4.2 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

CVE-2025-64157

A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration.


Affected Products

Siemens RUGGEDCOM APE1808 Devices
Vendor:
Siemens
Product Version:
RUGGEDCOM APE1808
Product Status:
known_affected
Remediations

Vendor fix
Update Fortigate NGFW to V7.4.10 or later version. Contact customer support to receive patch and update information.

Mitigation
For more information see the associated Siemens security advisory SSA-975644 in HTML https://cert-portal.siemens.com/productcert/html/ssa-975644.html

Mitigation
For more information see the associated Siemens security advisory SSA-975644 in CSAF https://cert-portal.siemens.com/productcert/csaf/ssa-975644.json

Relevant CWE: CWE-134 Use of Externally-Controlled Format String


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2026-24858

An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.



Affected Products

Siemens RUGGEDCOM APE1808 Devices
Vendor:
Siemens
Product Version:
RUGGEDCOM APE1808
Product Status:
known_affected
Remediations

Vendor fix
Update Fortigate NGFW to V7.4.11 or later version. Contact customer support to receive patch and update information.

Mitigation
For more information see the associated Siemens security advisory SSA-975644 in HTML https://cert-portal.siemens.com/productcert/html/ssa-975644.html

Mitigation
For more information see the associated Siemens security advisory SSA-975644 in CSAF https://cert-portal.siemens.com/productcert/csaf/ssa-975644.json

Relevant CWE: CWE-288 Authentication Bypass Using an Alternate Path or Channel


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Acknowledgments

  • Siemens reported these vulnerabilities to CISA.

General Recommendations

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens’ operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity


Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories


Terms of Use

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.


Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).


Recommended Practices

CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.


Advisory Conversion Disclaimer

This ICSA is a verbatim republication of Siemens ProductCERT SSA-975644 from a direct conversion of the vendor’s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA’s website as a means of increasing visibility and is provided “as-is” for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.

Revision History

  • Initial Release Date: 2026-03-10
Date Revision Summary
2026-03-10 1 Publication Date
2026-03-12 2 Initial CISA Republication of Siemens ProductCERT SSA-975644 advisory


Siemens SIDIS Prime


Summary

SIDIS Prime before V4.0.800 is affected by multiple vulnerabilities in the components OpenSSL, SQLite, and several Node.js packages as described below. Siemens has released a new version of SIDIS Prime and recommends to update to the latest version.

The following versions of Siemens SIDIS Prime are affected:

  • SIDIS Prime vers:intdot/<4.0.800 (CVE-2024-29857, CVE-2024-30171, CVE-2024-30172, CVE-2024-41996, CVE-2025-6965, CVE-2025-7783, CVE-2025-9230, CVE-2025-9232, CVE-2025-9670, CVE-2025-12816, CVE-2025-15284, CVE-2025-58751, CVE-2025-58752, CVE-2025-58754, CVE-2025-62522, CVE-2025-64718, CVE-2025-64756, CVE-2025-66030, CVE-2025-66031, CVE-2025-66035, CVE-2025-66412, CVE-2025-69277, CVE-2026-22610)
CVSS: v3 8.7
Vendor: Siemens
Equipment: Siemens SIDIS Prime
Vulnerabilities: Out-of-bounds Read, Observable Discrepancy, Improper Input Validation, Improper Certificate Validation, Numeric Truncation Error, Use of Insufficiently Random Values, Out-of-bounds Write, Inefficient Regular Expression Complexity, Interpretation Conflict, Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’), Relative Path Traversal, Allocation of Resources Without Limits or Throttling, Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’), Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’), Integer Overflow or Wraparound, Uncontrolled Recursion, Insertion of Sensitive Information Into Sent Data, Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’), Incomplete List of Disallowed Inputs

Background

  • Critical Infrastructure Sectors: Critical Manufacturing
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Germany

Vulnerabilities


CVE-2024-29857

An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.



Affected Products

Siemens SIDIS Prime
Vendor:
Siemens
Product Version:
SIDIS Prime
Product Status:
known_affected
Remediations

Vendor fix
Update to V4.0.800 or later version

Relevant CWE: CWE-125 Out-of-bounds Read


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2024-30171

An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.



Affected Products

Siemens SIDIS Prime
Vendor:
Siemens
Product Version:
SIDIS Prime
Product Status:
known_affected
Remediations

Vendor fix
Update to V4.0.800 or later version

Relevant CWE: CWE-203 Observable Discrepancy


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2024-30172

An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.



Affected Products

Siemens SIDIS Prime
Vendor:
Siemens
Product Version:
SIDIS Prime
Product Status:
known_affected
Remediations

Vendor fix
Update to V4.0.800 or later version

Relevant CWE: CWE-20 Improper Input Validation


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2024-41996

Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.



Affected Products

Siemens SIDIS Prime
Vendor:
Siemens
Product Version:
SIDIS Prime
Product Status:
known_affected
Remediations

Vendor fix
Update to V4.0.800 or later version

Relevant CWE: CWE-295 Improper Certificate Validation


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2025-6965

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.



Affected Products

Siemens SIDIS Prime
Vendor:
Siemens
Product Version:
SIDIS Prime
Product Status:
known_affected
Remediations

Vendor fix
Update to V4.0.800 or later version

Relevant CWE: CWE-197 Numeric Truncation Error


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.7 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L

CVE-2025-7783

Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.js. This issue affects form-data: < 2.5.4, 3.0.0 – 3.0.3, 4.0.0 – 4.0.3.



Affected Products

Siemens SIDIS Prime
Vendor:
Siemens
Product Version:
SIDIS Prime
Product Status:
known_affected
Remediations

Vendor fix
Update to V4.0.800 or later version

Relevant CWE: CWE-330 Use of Insufficiently Random Values


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 8.7 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

CVE-2025-9230

An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.



Affected Products

Siemens SIDIS Prime
Vendor:
Siemens
Product Version:
SIDIS Prime
Product Status:
known_affected
Remediations

Vendor fix
Update to V4.0.800 or later version

Relevant CWE: CWE-787 Out-of-bounds Write


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 5.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CVE-2025-9232

Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the ‘no_proxy’ environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application. The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However the URLs used by these implementations are unlikely to be controlled by an attacker. In this vulnerable code the out of bounds read can only trigger a crash. Furthermore the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function and the user has to have a ‘no_proxy’ environment variable set. For the aforementioned reasons the issue was assessed as Low severity. The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary.



Affected Products

Siemens SIDIS Prime
Vendor:
Siemens
Product Version:
SIDIS Prime
Product Status:
known_affected
Remediations

Vendor fix
Update to V4.0.800 or later version

Relevant CWE: CWE-125 Out-of-bounds Read


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2025-9670

A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.



Affected Products

Siemens SIDIS Prime
Vendor:
Siemens
Product Version:
SIDIS Prime
Product Status:
known_affected
Remediations

Vendor fix
Update to V4.0.800 or later version

Relevant CWE: CWE-1333 Inefficient Regular Expression Complexity


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE-2025-12816

An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions.



Affected Products

Siemens SIDIS Prime
Vendor:
Siemens
Product Version:
SIDIS Prime
Product Status:
known_affected
Remediations

Vendor fix
Update to V4.0.800 or later version

Relevant CWE: CWE-436 Interpretation Conflict


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

CVE-2025-15284

Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS. This issue affects qs: < 6.14.1.

Summary

The arrayLimit option in qs does not enforce limits for bracket notation (a[]=1&a[]=2), allowing attackers to cause denial-of-service via memory exhaustion. Applications using arrayLimit for DoS protection are vulnerable.

Details

The arrayLimit option only checks limits for indexed notation (a[0]=1&a[1]=2) but completely bypasses it for bracket notation (a[]=1&a[]=2).

Vulnerable code (lib/parse.js:159-162):

    if (root === '[]' && options.parseArrays) {
        obj = utils.combine([], leaf); // No arrayLimit check
    }

Working code (lib/parse.js:175):

    else if (index <= options.arrayLimit) { // Limit checked here
        obj = [];
        obj[index] = leaf;
    }

The bracket notation handler at line 159 uses utils.combine([], leaf) without validating against options.arrayLimit, while indexed notation at line 175 checks index <= options.arrayLimit before creating arrays.

PoC

Test 1 – Basic bypass:

    npm install qs

    const qs = require('qs');
    const result = qs.parse('a[]=1&a[]=2&a[]=3&a[]=4&a[]=5&a[]=6', { arrayLimit: 5 });
    console.log(result.a.length); // Output: 6 (should be max 5)

Test 2 – DoS demonstration:

    const qs = require('qs');
    const attack = 'a[]=' + Array(10000).fill('x').join('&a[]=');
    const result = qs.parse(attack, { arrayLimit: 100 });
    console.log(result.a.length); // Output: 10000 (should be max 100)

Configuration:

  • arrayLimit: 5 (test 1) or arrayLimit: 100 (test 2)
  • Use bracket notation: a[]=value (not indexed a[0]=value)

Impact

Denial of Service via memory exhaustion. Affects applications using qs.parse() with user-controlled input and arrayLimit for protection.

Attack scenario:

  • Attacker sends HTTP request: GET /api/search?filters[]=x&filters[]=x&…&filters[]=x (100,000+ times)
  • Application parses with qs.parse(query, { arrayLimit: 100 })
  • qs ignores limit, parses all 100,000 elements into array
  • Server memory exhausted → application crashes or becomes unresponsive
  • Service unavailable for all users

Real-world impact:

  • Single malicious request can crash server
  • No authentication required
  • Easy to automate and scale
  • Affects any endpoint parsing query strings with bracket notation
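For deployments that cannot take the fixed qs release immediately, the bracket-notation gap described above can be closed in front of the parser. The following is an added example, not code from qs, Siemens or the advisory: `checkArrayKeys` is a hypothetical helper that counts `key[]` occurrences (plain or percent-encoded) in the raw query string and rejects the request before `qs.parse()` runs. It leaves indexed notation alone, since the advisory states that path is already checked.

```javascript
'use strict';

// Added example (hypothetical helper, not part of qs).
// Decode one raw key; a malformed percent-escape yields null so the
// caller can reject the request instead of guessing what a parser would see.
function decodeKey(raw) {
  try {
    return decodeURIComponent(raw.replace(/\+/g, ' '));
  } catch (e) {
    return null;
  }
}

// Count bracket-notation keys (a[], f[tags][]) per array in a raw query
// string (no leading '?') and stop as soon as one array exceeds arrayLimit.
// Returns { ok, reason, counts } where counts maps array name -> elements seen.
function checkArrayKeys(rawQuery, arrayLimit) {
  const counts = new Map();
  if (rawQuery === '') return { ok: true, reason: null, counts };

  for (const pair of rawQuery.split('&')) {
    if (pair === '') continue;
    const eq = pair.indexOf('=');
    const key = decodeKey(eq === -1 ? pair : pair.slice(0, eq));
    if (key === null) {
      return { ok: false, reason: 'malformed percent-encoding', counts };
    }

    // Only the empty-bracket form is of interest here: it is the branch
    // the advisory identifies as missing the arrayLimit check.
    const m = /^(.*)\[\]$/.exec(key);
    if (!m) continue;

    const base = m[1];
    const seen = (counts.get(base) || 0) + 1;
    counts.set(base, seen);
    if (seen > arrayLimit) {
      return { ok: false, reason: 'array over limit: ' + base, counts };
    }
  }
  return { ok: true, reason: null, counts };
}

// Constructed sample inputs, mirroring the two tests quoted in the advisory.
const samples = [
  ['a[]=1&a[]=2&a[]=3&a[]=4&a[]=5&a[]=6', 5],
  ['a%5B%5D=1&a%5B%5D=2&a%5B%5D=3', 2],
  ['f[tags][]=x&f[tags][]=y&q=search', 5],
  ['a[]=' + Array(10000).fill('x').join('&a[]='), 100],
];
for (const [query, limit] of samples) {
  const verdict = checkArrayKeys(query, limit);
  console.log(query.slice(0, 40), '->', verdict.ok ? 'allow' : verdict.reason);
}
```

In a request handler, a rejected result would map to an HTTP 400 before the query string reaches the parser; the loop returns on the first element over the limit, so an oversized request is not fully walked.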



Affected Products

Siemens SIDIS Prime
Vendor:
Siemens
Product Version:
SIDIS Prime
Product Status:
known_affected
Remediations

Vendor fix
Update to V4.0.800 or later version

Relevant CWE: CWE-20 Improper Input Validation


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2025-58751

Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the `server.fs` settings. Only apps that explicitly expose the Vite dev server to the network (using --host or `server.host` config option), use the public directory feature (enabled by default), and have a symlink in the public directory are affected. Versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20 fix the issue.



Affected Products

Siemens SIDIS Prime
Vendor:
Siemens
Product Version:
SIDIS Prime
Product Status:
known_affected
Remediations

Vendor fix
Update to V4.0.800 or later version

Relevant CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CVE-2025-58752

Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, any HTML files on the machine were served regardless of the `server.fs` settings. Only apps that explicitly expose the Vite dev server to the network (using --host or server.host config option) and use `appType: 'spa'` (default) or `appType: 'mpa'` are affected. This vulnerability also affects the preview server. The preview server allowed HTML files not under the output directory to be served. Versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20 fix the issue.



Affected Products

Siemens SIDIS Prime
Vendor:
Siemens
Product Version:
SIDIS Prime
Product Status:
known_affected
Remediations

Vendor fix
Update to V4.0.800 or later version

Relevant CWE: CWE-23 Relative Path Traversal


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CVE-2025-58754

Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response. This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested `responseType: 'stream'`. Versions 0.30.2 and 1.12.0 contain a patch for the issue.



Affected Products

Siemens SIDIS Prime
Vendor:
Siemens
Product Version:
SIDIS Prime
Product Status:
known_affected
Remediations

Vendor fix
Update to V4.0.800 or later version

Relevant CWE: CWE-770 Allocation of Resources Without Limits or Throttling


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2025-62522

Vite is a frontend tooling framework for JavaScript. In versions from 2.9.18 to before 3.0.0, 3.2.9 to before 4.0.0, 4.5.3 to before 5.0.0, 5.2.6 to before 5.4.21, 6.0.0 to before 6.4.1, 7.0.0 to before 7.0.8, and 7.1.0 to before 7.1.11, files denied by server.fs.deny were sent if the URL ended with when the dev server is running on Windows. Only apps explicitly exposing the Vite dev server to the network and running the dev server on Windows were affected. This issue has been patched in versions 5.4.21, 6.4.1, 7.0.8, and 7.1.11.



Affected Products

Siemens SIDIS Prime
Vendor:
Siemens
Product Version:
SIDIS Prime
Product Status:
known_affected
Remediations

Vendor fix
Update to V4.0.800 or later version

Relevant CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVE-2025-64718

js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it’s possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default).



Affected Products

Siemens SIDIS Prime
Vendor:
Siemens
Product Version:
SIDIS Prime
Product Status:
known_affected
Remediations

Vendor fix
Update to V4.0.800 or later version

Relevant CWE: CWE-1321 Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’)


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVE-2025-64756

Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c are used, matched filenames are passed to a shell with shell: true, enabling shell metacharacters in filenames to trigger command injection and achieve arbitrary code execution under the user or CI account privileges. This issue has been patched in versions 10.5.0 and 11.1.0.



Affected Products

Siemens SIDIS Prime
Vendor:
Siemens
Product Version:
SIDIS Prime
Product Status:
known_affected
Remediations

Vendor fix
Update to V4.0.800 or later version

Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-66030

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.



Affected Products

Siemens SIDIS Prime
Vendor:
Siemens
Product Version:
SIDIS Prime
Product Status:
known_affected
Remediations

Vendor fix
Update to V4.0.800 or later version

Relevant CWE: CWE-190 Integer Overflow or Wraparound


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVE-2025-66031

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.



Affected Products

Siemens SIDIS Prime
Vendor:
Siemens
Product Version:
SIDIS Prime
Product Status:
known_affected
Remediations

Vendor fix
Update to V4.0.800 or later version

Relevant CWE: CWE-674 Uncontrolled Recursion


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2025-66035

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular’s HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.



Affected Products

Siemens SIDIS Prime
Vendor:
Siemens
Product Version:
SIDIS Prime
Product Status:
known_affected
Remediations

Vendor fix
Update to V4.0.800 or later version

Relevant CWE: CWE-201 Insertion of Sensitive Information Into Sent Data


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CVE-2025-66412

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, a Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler’s internal security schema is incomplete, allowing attackers to bypass Angular’s built-in security sanitization. Specifically, the schema fails to classify certain URL-holding attributes (e.g., those that could contain javascript: URLs) as requiring strict URL security, enabling the injection of malicious scripts. This vulnerability is fixed in 21.0.2, 20.3.15, and 19.2.17.



Affected Products

Siemens SIDIS Prime
Vendor:
Siemens
Product Version:
SIDIS Prime
Product Status:
known_affected
Remediations

Vendor fix
Update to V4.0.800 or later version

Relevant CWE: CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVE-2025-69277

libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren’t in the main cryptographic group.



Affected Products

Siemens SIDIS Prime
Vendor:
Siemens
Product Version:
SIDIS Prime
Product Status:
known_affected
Remediations

Vendor fix
Update to V4.0.800 or later version

Relevant CWE: CWE-184 Incomplete List of Disallowed Inputs


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 4.5 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

CVE-2026-22610

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cross-site scripting (XSS) vulnerability has been identified in the Angular Template Compiler. The vulnerability exists because Angular’s internal sanitization schema fails to recognize the href and xlink:href attributes of SVG elements as a Resource URL context. This issue has been patched in versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0.



Affected Products

Siemens SIDIS Prime
Vendor:
Siemens
Product Version:
SIDIS Prime
Product Status:
known_affected
Remediations

Vendor fix
Update to V4.0.800 or later version

Relevant CWE: CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)


Metrics

CVSS Version Base Score Base Severity Vector String
3.1 8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Acknowledgments

  • Siemens ProductCERT reported these vulnerabilities to CISA.

General Recommendations

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens’ operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity


Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories


Terms of Use

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.


Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).


Recommended Practices

CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.


Advisory Conversion Disclaimer

This ICSA is a verbatim republication of Siemens ProductCERT SSA-485750 from a direct conversion of the vendor’s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA’s website as a means of increasing visibility and is provided “as-is” for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.

Revision History

  • Initial Release Date: 2026-03-10

Date | Revision | Summary
2026-03-10 | 1 | Publication Date
2026-03-12 | 2 | Initial CISA Republication of Siemens ProductCERT SSA-485750 advisory

Siemens SIMATIC

Summary

SIMATIC S7-1500 devices contain a vulnerability that could allow an attacker to inject code by tricking a legitimate user into importing a specially crafted trace file in the web interface. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet, available.

The following versions of Siemens SIMATIC are affected:

  • SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) vers:all/* (CVE-2025-40943)
  • SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs – Windows OS vers:all/* (CVE-2025-40943)
  • SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs – Industrial OS vers:all/* (CVE-2025-40943)
  • SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs – Windows OS vers:all/* (CVE-2025-40943)
  • SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs – Windows OS vers:all/* (CVE-2025-40943)
  • SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs – Industrial OS vers:all/* (CVE-2025-40943)
  • SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs – Windows OS vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0) vers:intdot/<4.1.2 (CVE-2025-40943)
  • SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0) vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 Software Controller CPU 1507S F V2 vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 Software Controller CPU 1507S F V3 vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 Software Controller CPU 1507S F V4 vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 Software Controller CPU 1507S V2 vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 Software Controller CPU 1507S V3 vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 Software Controller CPU 1507S V4 vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 Software Controller CPU 1508S F V2 vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 Software Controller CPU 1508S F V3 vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 Software Controller CPU 1508S F V4 vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 Software Controller CPU 1508S T V3 vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 Software Controller CPU 1508S TF V3 vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 Software Controller CPU 1508S V2 vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 Software Controller CPU 1508S V3 vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 Software Controller CPU 1508S V4 vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 Software Controller Linux V2 vers:all/* (CVE-2025-40943)
  • SIMATIC S7-1500 Software Controller Linux V3 vers:all/* (CVE-2025-40943)
  • SIMATIC S7-PLCSIM Advanced vers:all/* (CVE-2025-40943)
  • SIPLUS ET 200SP CPU 1510SP F-1 PN (6AG1510-1SJ01-2AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL (6AG2510-1SJ01-1AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS ET 200SP CPU 1510SP-1 PN (6AG1510-1DJ01-2AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS ET 200SP CPU 1510SP-1 PN (6AG1510-1DJ01-7AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS ET 200SP CPU 1510SP-1 PN RAIL (6AG2510-1DJ01-1AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS ET 200SP CPU 1510SP-1 PN RAIL (6AG2510-1DJ01-4AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS ET 200SP CPU 1512SP F-1 PN (6AG1512-1SK01-2AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS ET 200SP CPU 1512SP F-1 PN (6AG1512-1SK01-7AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL (6AG2512-1SK01-1AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL (6AG2512-1SK01-4AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS ET 200SP CPU 1512SP-1 PN (6AG1512-1DK01-2AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS ET 200SP CPU 1512SP-1 PN (6AG1512-1DK01-7AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS ET 200SP CPU 1512SP-1 PN RAIL (6AG2512-1DK01-1AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS ET 200SP CPU 1512SP-1 PN RAIL (6AG2512-1DK01-4AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK01-2AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK01-7AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK02-2AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK02-7AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL (6AG2511-1AK01-1AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL (6AG2511-1AK02-1AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1511-1 PN TX RAIL (6AG2511-1AK01-4AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1511-1 PN TX RAIL (6AG2511-1AK02-4AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1511F-1 PN (6AG1511-1FK01-2AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1511F-1 PN (6AG1511-1FK02-2AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL01-2AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL01-7AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL02-2AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL02-7AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1513F-1 PN (6AG1513-1FL01-2AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1513F-1 PN (6AG1513-1FL02-2AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1515F-2 PN (6AG1515-2FM01-2AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1515F-2 PN (6AG1515-2FM02-2AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1515F-2 PN RAIL (6AG2515-2FM02-4AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL (6AG2515-2FM01-2AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1515R-2 PN (6AG1515-2RM00-7AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL (6AG2515-2RM00-4AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN01-2AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN01-7AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN02-2AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN02-7AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL (6AG2516-3AN02-4AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL (6AG2516-3AN01-4AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1516F-3 PN/DP (6AG1516-3FN01-2AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1516F-3 PN/DP (6AG1516-3FN02-2AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL (6AG2516-3FN02-2AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL (6AG2516-3FN02-4AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1517H-3 PN (6AG1517-3HP00-4AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1518-4 PN/DP (6AG1518-4AP00-4AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1518F-4 PN/DP (6AG1518-4FP00-4AB0) vers:all/* (CVE-2025-40943)
  • SIPLUS S7-1500 CPU 1518HF-4 PN (6AG1518-4JP00-4AB0) vers:all/* (CVE-2025-40943)

CVSS | Vendor | Equipment | Vulnerabilities
v3 9.6 | Siemens | Siemens SIMATIC | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

Background

  • Critical Infrastructure Sectors: Critical Manufacturing
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Germany

Vulnerabilities

CVE-2025-40943

Affected devices do not properly sanitize the contents of trace files. This could allow an attacker to inject code by social engineering a legitimate user into importing a specially crafted trace file.


Affected Products

Siemens SIMATIC
Vendor:
Siemens
Product Version:
SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0), SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0), SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0), SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0), SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0), SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0), SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0), SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0), SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0), SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0), SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0), SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0), SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0), SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs – Windows OS, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs – Industrial OS, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs – Windows OS, SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs – Windows OS, SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs – Industrial OS, SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. 
SIPLUS variants) V3 CPUs – Windows OS, SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0), SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0), SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0), SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0), SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0), SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0), SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0), SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0), SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0), SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0), SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0), SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0), SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0), SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0), SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0), SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0), SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0), SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0), SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0), SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0), SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0), SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0), SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0), SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0), SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0), SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0), SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0), SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0), SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0), SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0), SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0), SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0), SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0), SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0), SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0), SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0), SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0), 
SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0), SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0), SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0), SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0), SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0), SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0), SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0), SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0), SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0), SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0), SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0), SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0), SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0), SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0), SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0), SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0), SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0), SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0), SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0), SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0), SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0), SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0), SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0), SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0), SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0), SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0), SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0), SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0), SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0), SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0), SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0), SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0), SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0), SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0), SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0), SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0), SIMATIC 
S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0), SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0), SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0), SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0), SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0), SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0), SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0), SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0), SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0), SIMATIC S7-1500 Software Controller CPU 1507S F V2, SIMATIC S7-1500 Software Controller CPU 1507S F V3, SIMATIC S7-1500 Software Controller CPU 1507S F V4, SIMATIC S7-1500 Software Controller CPU 1507S V2, SIMATIC S7-1500 Software Controller CPU 1507S V3, SIMATIC S7-1500 Software Controller CPU 1507S V4, SIMATIC S7-1500 Software Controller CPU 1508S F V2, SIMATIC S7-1500 Software Controller CPU 1508S F V3, SIMATIC S7-1500 Software Controller CPU 1508S F V4, SIMATIC S7-1500 Software Controller CPU 1508S T V3, SIMATIC S7-1500 Software Controller CPU 1508S TF V3, SIMATIC S7-1500 Software Controller CPU 1508S V2, SIMATIC S7-1500 Software Controller CPU 1508S V3, SIMATIC S7-1500 Software Controller CPU 1508S V4, SIMATIC S7-1500 Software Controller Linux V2, SIMATIC S7-1500 Software Controller Linux V3, SIMATIC S7-PLCSIM Advanced, SIPLUS ET 200SP CPU 1510SP F-1 PN (6AG1510-1SJ01-2AB0), SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL (6AG2510-1SJ01-1AB0), SIPLUS ET 200SP CPU 1510SP-1 PN (6AG1510-1DJ01-2AB0), SIPLUS ET 200SP CPU 1510SP-1 PN (6AG1510-1DJ01-7AB0), SIPLUS ET 200SP CPU 1510SP-1 PN RAIL (6AG2510-1DJ01-1AB0), SIPLUS ET 200SP CPU 1510SP-1 PN RAIL (6AG2510-1DJ01-4AB0), SIPLUS ET 200SP CPU 1512SP F-1 PN (6AG1512-1SK01-2AB0), SIPLUS ET 200SP CPU 1512SP F-1 PN (6AG1512-1SK01-7AB0), SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL (6AG2512-1SK01-1AB0), SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL (6AG2512-1SK01-4AB0), SIPLUS ET 200SP CPU 1512SP-1 PN 
(6AG1512-1DK01-2AB0), SIPLUS ET 200SP CPU 1512SP-1 PN (6AG1512-1DK01-7AB0), SIPLUS ET 200SP CPU 1512SP-1 PN RAIL (6AG2512-1DK01-1AB0), SIPLUS ET 200SP CPU 1512SP-1 PN RAIL (6AG2512-1DK01-4AB0), SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK01-2AB0), SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK01-7AB0), SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK02-2AB0), SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK02-7AB0), SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL (6AG2511-1AK01-1AB0), SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL (6AG2511-1AK02-1AB0), SIPLUS S7-1500 CPU 1511-1 PN TX RAIL (6AG2511-1AK01-4AB0), SIPLUS S7-1500 CPU 1511-1 PN TX RAIL (6AG2511-1AK02-4AB0), SIPLUS S7-1500 CPU 1511F-1 PN (6AG1511-1FK01-2AB0), SIPLUS S7-1500 CPU 1511F-1 PN (6AG1511-1FK02-2AB0), SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL01-2AB0), SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL01-7AB0), SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL02-2AB0), SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL02-7AB0), SIPLUS S7-1500 CPU 1513F-1 PN (6AG1513-1FL01-2AB0), SIPLUS S7-1500 CPU 1513F-1 PN (6AG1513-1FL02-2AB0), SIPLUS S7-1500 CPU 1515F-2 PN (6AG1515-2FM01-2AB0), SIPLUS S7-1500 CPU 1515F-2 PN (6AG1515-2FM02-2AB0), SIPLUS S7-1500 CPU 1515F-2 PN RAIL (6AG2515-2FM02-4AB0), SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL (6AG2515-2FM01-2AB0), SIPLUS S7-1500 CPU 1515R-2 PN (6AG1515-2RM00-7AB0), SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL (6AG2515-2RM00-4AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN01-2AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN01-7AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN02-2AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN02-7AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL (6AG2516-3AN02-4AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL (6AG2516-3AN01-4AB0), SIPLUS S7-1500 CPU 1516F-3 PN/DP (6AG1516-3FN01-2AB0), SIPLUS S7-1500 CPU 1516F-3 PN/DP (6AG1516-3FN02-2AB0), SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL (6AG2516-3FN02-2AB0), SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL (6AG2516-3FN02-4AB0), SIPLUS S7-1500 CPU 1517H-3 PN (6AG1517-3HP00-4AB0), 
SIPLUS S7-1500 CPU 1518-4 PN/DP (6AG1518-4AP00-4AB0), SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0), SIPLUS S7-1500 CPU 1518F-4 PN/DP (6AG1518-4FP00-4AB0), SIPLUS S7-1500 CPU 1518HF-4 PN (6AG1518-4JP00-4AB0)
Product Status:
known_affected
Remediations

Mitigation
Disable the web server on the affected systems if it is not required. Restrict access to ports 80/tcp and 443/tcp to trusted IP addresses only.

Mitigation
Only upload trusted trace files

None available
Currently no fix is available

Vendor fix
Update to V4.1.2 or later version

Relevant CWE: CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 9.6 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Acknowledgments

  • Siemens ProductCERT reported this vulnerability to CISA.

General Recommendations

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security) and following the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity


Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories


Terms of Use

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.


Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).


Recommended Practices

CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.


Advisory Conversion Disclaimer

This ICSA is a verbatim republication of Siemens ProductCERT SSA-452276 from a direct conversion of the vendor’s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA’s website as a means of increasing visibility and is provided “as-is” for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.

Revision History

  • Initial Release Date: 2026-03-10

Date | Revision | Summary
2026-03-10 | 1 | Publication Date
2026-03-12 | 2 | Initial CISA Republication of Siemens ProductCERT SSA-452276 advisory

Siemens Heliox EV Chargers

Summary

The Heliox EV Chargers listed below contain an improper access control vulnerability that could allow an attacker to reach unauthorized services via the charging cable. Siemens has released new versions for the affected products and recommends updating to the latest versions.

The following versions of Siemens Heliox EV Chargers are affected:

  • Heliox Flex 180 kW EV Charging Station
  • Heliox Mobile DC 40 kW EV Charging Station
CVSS | Vendor | Equipment | Vulnerabilities
v3 2.6 | Siemens | Siemens Heliox EV Chargers | Improper Restriction of Communication Channel to Intended Endpoints

Background

  • Critical Infrastructure Sectors: Critical Manufacturing
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Germany

Vulnerabilities

CVE-2025-27769

Affected devices contain improper access control that could allow an attacker to reach unauthorized services via the charging cable.


Affected Products

Siemens Heliox EV Chargers
Vendor:
Siemens
Product Version:
Heliox Flex 180 kW EV Charging Station, Heliox Mobile DC 40 kW EV Charging Station
Product Status:
known_affected
Remediations

Vendor fix
Contact customer support for patch information via OTA update

Relevant CWE: CWE-923 Improper Restriction of Communication Channel to Intended Endpoints


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 2.6 | LOW | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Acknowledgments

  • Siemens ProductCERT reported this vulnerability to CISA.

General Recommendations

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security) and following the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity


Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories


Terms of Use

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.


Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).


Recommended Practices

CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize that a VPN is only as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.


Advisory Conversion Disclaimer

This ICSA is a verbatim republication of Siemens ProductCERT SSA-126399 from a direct conversion of the vendor’s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA’s website as a means of increasing visibility and is provided “as-is” for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.

Revision History

  • Initial Release Date: 2026-03-10
Date | Revision | Summary
2026-03-10 | 1 | Publication Date
2026-03-12 | 2 | Initial CISA Republication of Siemens ProductCERT SSA-126399 advisory

Inductive Automation Ignition Software

Summary

Successful exploitation of this vulnerability could allow an attacker to execute malicious code that the authenticated, privileged application user did not intend to run, with the permissions of the OS service account that runs the application.

The following versions of Inductive Automation Ignition Software are affected:

  • Ignition Software <8.3.0 (CVE-2025-13913)
CVSS | Vendor | Equipment | Vulnerabilities
v3 6.3 | Inductive Automation | Inductive Automation Ignition Software | Deserialization of Untrusted Data

Background

  • Critical Infrastructure Sectors: Information Technology
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: United States

Vulnerabilities

CVE-2025-13913

A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which executes embedded malicious code during deserialization.


Affected Products

Inductive Automation Ignition Software
Vendor:
Inductive Automation
Product Version:
Inductive Automation Ignition Software: <8.3.0
Product Status:
known_affected
Remediations

Mitigation
Fix – upgrade Ignition software from 8.1.x to 8.3.0 or greater.

Mitigation
MITIGATION (8.1.x Linux). Implement Ignition Security Hardening Guide Appendix A. https://inductiveautomation.com/resources/article/ignition-security-hardening-guide

Mitigation
MITIGATION (8.1.x Windows). Covered in Ignition Security Hardening Guide Appendix A.
1. Create a new dedicated local Windows account that will be used exclusively for the Ignition service (e.g. svc-ign).
   a. The best security practice is that the Ignition service should not be a domain account (unless otherwise needed).
   b. Remove all group memberships from the service account (including Users and Administrators).
   c. Add to security policy to log in as a service.
   d. Add to “Deny log on locally” security policy.
2. Provide full read/write access only to the Ignition installation directory for the service account created in #1.
   a. Add read/write permissions to other directories in the local filesystem as needed (e.g.: if configured to use optional Enterprise Administration Module to write automated backups to the file system).
3. Set deny access settings for service account on other directories not needed by the Ignition service.
   a. Specifically the C:\Windows, C:\Users, and directories for any other applications in the Program Files or Program Files (x86) directories.
   b. Use java param to change temp directory to a location within the Ignition install directory so the Users folder can be denied access to the Ignition service account.

Mitigation
BEST PRACTICES (8.1.x and 8.3.x)
4. Restrict project imports to verified and trusted sources only, ideally using checksums or digital signatures.
5. Use multiple environments (e.g. Dev, Test, Prod) with a staging workflow so that new data is never introduced directly to Production environments. See Ignition Deployment Best Practices.
6. When feasible, segment or isolate Ignition gateways from corporate resources and Windows Domains.
   a. The Ignition service account or AD server object should never need Windows Domain or Windows Active Directory privileges. This would only be needed if an Asset Owner’s IT or OT department uses this for management outside Ignition.
   b. Ignition may be federated with Active Directory environments (e.g. OT domains) by entering “Authentication Profile” credentials within the Ignition gateway itself. This could use secure LDAP, SAML, or OpenID Connect.
7. When feasible, enforce strong credential management and MFA for all users with Designer permissions (8.1.x and 8.3.x), Config Page permissions (8.1.x), and Config Write permissions (8.3.x).
8. When feasible, deploy Ignition within hardened or containerized environments.
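
One way to enforce best practices 4 and 5 before a project file reaches a gateway, as an added example that is not Inductive Automation's or CISA's code: a gate that allows an import only if the file's SHA-256 digest is approved for the target stage and is the same build approved in the previous stage. The manifest format, stage names and file names are assumptions, and the manifest must come from a location the importing user cannot modify.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

STAGES = ("dev", "test", "prod")  # assumed promotion order
HEX = set("0123456789abcdef")


def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so large exports are never held in memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def parse_approvals(text):
    """Parse '<sha256> <stage> <file name>' lines into {name: {stage: digest}}."""
    approvals = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 2)
        if len(parts) != 3:
            raise ValueError("line %d: expected 3 fields" % lineno)
        digest, stage, name = parts[0].lower(), parts[1].lower(), parts[2]
        if len(digest) != 64 or not set(digest) <= HEX:
            raise ValueError("line %d: not a SHA-256 digest" % lineno)
        if stage not in STAGES:
            raise ValueError("line %d: unknown stage %r" % (lineno, stage))
        if "/" in name or "\\" in name:
            raise ValueError("line %d: bare file names only" % lineno)
        by_stage = approvals.setdefault(name, {})
        if by_stage.get(stage, digest) != digest:
            raise ValueError("line %d: conflicting digest for %s" % (lineno, name))
        by_stage[stage] = digest
    return approvals


def check_import(path, stage, approvals):
    """Return (allowed, reason). Anything not explicitly approved is denied."""
    path = Path(path)
    by_stage = approvals.get(path.name, {})
    expected = by_stage.get(stage)
    if expected is None:
        return False, "no approval for stage " + stage
    if path.is_symlink() or not path.is_file():
        return False, "not a regular file"
    if not hmac.compare_digest(sha256_file(path), expected):
        return False, "digest mismatch"
    position = STAGES.index(stage)
    if position > 0 and by_stage.get(STAGES[position - 1]) != expected:
        return False, "differs from build approved in " + STAGES[position - 1]
    return True, "approved"


def demo():
    """Exercise the gate on constructed files; returns {case: (allowed, reason)}."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        promoted = root / "line3_hmi.zip"
        promoted.write_bytes(b"constructed export, build 1")
        d1 = sha256_file(promoted)
        skipped = root / "pump_skid.zip"
        skipped.write_bytes(b"constructed export, build 2")
        d2 = sha256_file(skipped)
        unlisted = root / "vendor_drop.zip"
        unlisted.write_bytes(b"constructed export, unknown origin")
        manifest = "\n".join([
            "# constructed approval manifest",
            d1 + "  dev   line3_hmi.zip",
            d1 + "  test  line3_hmi.zip",
            d1 + "  prod  line3_hmi.zip",
            d1 + "  test  pump_skid.zip",  # a different build was tested
            d2 + "  prod  pump_skid.zip",
        ])
        approvals = parse_approvals(manifest)
        results = {
            "promoted": check_import(promoted, "prod", approvals),
            "skipped_test": check_import(skipped, "prod", approvals),
            "unlisted": check_import(unlisted, "prod", approvals),
        }
        # Change the file after approval: the digest no longer matches.
        promoted.write_bytes(b"constructed export, build 1 (modified)")
        results["modified"] = check_import(promoted, "prod", approvals)
        return results
```

A matching digest only shows that the file is the one that was reviewed and staged; it does not make the file's contents safe to deserialize, so the upgrade and service-account hardening above still apply.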

Relevant CWE: CWE-502 Deserialization of Untrusted Data


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 6.3 | MEDIUM | CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Acknowledgments

  • Nik Tsytsarkin, Ismail Aydemir, and Ryan Hall of Meta reported this vulnerability to Inductive Automation
  • Nathan Boeger and Joel Specht of Inductive Automation reported this vulnerability to CISA


Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that a VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Do not click web links or open attachments in unsolicited email messages.

Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.


Revision History

  • Initial Release Date: 2026-03-12
Date | Revision | Summary
2026-03-12 | 1 | Initial Publication

Lantronix EDS3000PS and EDS5000

Summary

Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and execute code with root-level privileges.

The following versions of Lantronix EDS3000PS and EDS5000 are affected:

  • EDS3000PS 3.1.0.0R2 (CVE-2025-67039, CVE-2025-70082, CVE-2025-67041)
  • EDS5000 2.1.0.0R3 (CVE-2025-67034, CVE-2025-67035, CVE-2025-67036, CVE-2025-67037, CVE-2025-67038)
CVSS | Vendor | Equipment | Vulnerabilities
v3 9.8 | Lantronix | Lantronix EDS3000PS and EDS5000 | Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’), Authentication Bypass Using an Alternate Path or Channel, Unverified Password Change

Background

  • Critical Infrastructure Sectors: Communications, Information Technology, Critical Manufacturing
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: United States

Vulnerabilities

CVE-2025-67034

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the “name” parameter when deleting SSL credentials through the management interface. Injected commands are executed with root privileges.


Affected Products

Lantronix EDS3000PS and EDS5000
Vendor:
Lantronix
Product Version:
Lantronix EDS5000: 2.1.0.0R3
Product Status:
known_affected
Remediations

Vendor fix
For vulnerabilities CVE-2025-67034, CVE-2025-67035, CVE-2025-67036, CVE-2025-67037, CVE-2025-67038 Lantronix recommends users upgrade to EDS5000 version 2.2.0.0R1. The patch can be found here: https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/2538438657/Latest+Firmware+for+the+EDS5000+series+EDS5008+EDS5016+EDS5032.

Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2025-67035

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys, users, and known hosts. Commands are executed with root privileges.


Affected Products

Lantronix EDS3000PS and EDS5000
Vendor:
Lantronix
Product Version:
Lantronix EDS5000: 2.1.0.0R3
Product Status:
known_affected
Remediations

Vendor fix
For vulnerabilities CVE-2025-67034, CVE-2025-67035, CVE-2025-67036, CVE-2025-67037, CVE-2025-67038 Lantronix recommends users upgrade to EDS5000 version 2.2.0.0R1. The patch can be found here: https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/2538438657/Latest+Firmware+for+the+EDS5000+series+EDS5008+EDS5016+EDS5032.

Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2025-67036

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to missing sanitization of the file name parameter, an authenticated attacker can inject arbitrary OS commands that are executed with root privileges.


Affected Products

Lantronix EDS3000PS and EDS5000
Vendor:
Lantronix
Product Version:
Lantronix EDS5000: 2.1.0.0R3
Product Status:
known_affected
Remediations

Vendor fix
For vulnerabilities CVE-2025-67034, CVE-2025-67035, CVE-2025-67036, CVE-2025-67037, CVE-2025-67038 Lantronix recommends users upgrade to EDS5000 version 2.2.0.0R1. The patch can be found here: https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/2538438657/Latest+Firmware+for+the+EDS5000+series+EDS5008+EDS5016+EDS5032.

Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2025-67037

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the “tunnel” parameter when killing a tunnel connection. Injected commands are executed with root privileges.


Affected Products

Lantronix EDS3000PS and EDS5000
Vendor:
Lantronix
Product Version:
Lantronix EDS5000: 2.1.0.0R3
Product Status:
known_affected
Remediations

Vendor fix
For vulnerabilities CVE-2025-67034, CVE-2025-67035, CVE-2025-67036, CVE-2025-67037, CVE-2025-67038 Lantronix recommends users upgrade to EDS5000 version 2.2.0.0R1. The patch can be found here: https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/2538438657/Latest+Firmware+for+the+EDS5000+series+EDS5008+EDS5016+EDS5032.

Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2025-67038

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when a user’s authentication fails. The username is directly concatenated with the command without any sanitization. This allows attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.


Affected Products

Lantronix EDS3000PS and EDS5000
Vendor:
Lantronix
Product Version:
Lantronix EDS5000: 2.1.0.0R3
Product Status:
known_affected
Remediations

Vendor fix
For vulnerabilities CVE-2025-67034, CVE-2025-67035, CVE-2025-67036, CVE-2025-67037, CVE-2025-67038 Lantronix recommends users upgrade to EDS5000 version 2.2.0.0R1. The patch can be found here: https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/2538438657/Latest+Firmware+for+the+EDS5000+series+EDS5008+EDS5016+EDS5032.

Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2025-67039

An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appending a specific suffix to the URL and by sending an Authorization header that uses “admin” as the username.


Affected Products

Lantronix EDS3000PS and EDS5000
Vendor:
Lantronix
Product Version:
Lantronix EDS3000PS: 3.1.0.0R2
Product Status:
known_affected
Remediations

Vendor fix
For vulnerabilities CVE-2025-67039, CVE-2025-70082, and CVE-2025-67041, Lantronix recommends users upgrade to EDS3000PS version 3.2.0.0R2. The patch can be found here: https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/1349189633/Latest+Firmware+for+the+EDS3000PS+series.

Relevant CWE: CWE-288 Authentication Bypass Using an Alternate Path or Channel


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2025-70082

The administrator password can be changed without knowledge of the current password. When chained with an authentication bypass vulnerability, this issue may allow unauthenticated attackers to modify the administrator password.


Affected Products

Lantronix EDS3000PS and EDS5000
Vendor:
Lantronix
Product Version:
Lantronix EDS3000PS: 3.1.0.0R2
Product Status:
known_affected
Remediations

Vendor fix
For vulnerabilities CVE-2025-67039, CVE-2025-70082, and CVE-2025-67041, Lantronix recommends users upgrade to EDS3000PS version 3.2.0.0R2. The patch can be found here: https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/1349189633/Latest+Firmware+for+the+EDS3000PS+series.

Relevant CWE: CWE-620 Unverified Password Change


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 2.7 | LOW | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

CVE-2025-67041

An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges.


Affected Products

Lantronix EDS3000PS and EDS5000
Vendor:
Lantronix
Product Version:
Lantronix EDS3000PS: 3.1.0.0R2
Product Status:
known_affected
Remediations

Vendor fix
For vulnerabilities CVE-2025-67039, CVE-2025-70082, and CVE-2025-67041, Lantronix recommends users upgrade to EDS3000PS version 3.2.0.0R2. The patch can be found here: https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/1349189633/Latest+Firmware+for+the+EDS3000PS+series.

Relevant CWE: CWE-78 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
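
The command-injection flaws listed above for the EDS5000 (CVE-2025-67034 through CVE-2025-67038) and the EDS3000PS (CVE-2025-67041) share one pattern: a request parameter ends up inside a shell command line. The following added example, which is not Lantronix code, shows that pattern beside shell-free handling of object names, host values and failed-login logging; the helper path, log format and allowlists are assumptions.

```python
import ipaddress
import os
import re
import tempfile

# Assumed policy: object names are short identifiers starting with a letter or
# digit. Input that does not match is rejected outright, never "cleaned".
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOST_RE = re.compile(r"(?=.{1,253}\Z)" + LABEL + r"(?:\." + LABEL + r")*")
MAX_LOGGED = 64


def unsafe_log_command(username):
    """Flawed pattern, for contrast only: input becomes shell source text.

    The returned string is never executed in this example.
    """
    return "echo 'login failed: " + username + "' >> /var/log/auth_fail.log"


def validate_name(value):
    """Return value if it is an allowed identifier, otherwise raise ValueError."""
    # fullmatch, not match with '$': '$' would also accept a trailing newline.
    if not isinstance(value, str) or NAME_RE.fullmatch(value) is None:
        raise ValueError("rejected name: %r" % (value,))
    return value


def validate_host(value):
    """Accept an IP literal (no IPv6 zone id) or an RFC 1123 host name."""
    if not isinstance(value, str) or "%" in value:
        raise ValueError("rejected host: %r" % (value,))
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        if HOST_RE.fullmatch(value) is None:
            raise ValueError("rejected host: %r" % (value,)) from None
        return value


def delete_argv(helper, name):
    """Build an argument vector for exec-style APIs; no shell parses `name`."""
    # "--" ends option parsing, and the allowlist already forbids a leading "-".
    return [helper, "delete", "--", validate_name(name)]


def format_auth_failure(username):
    """Render one log record; control characters and quotes are escaped."""
    shown = username[:MAX_LOGGED]
    escaped = shown.encode("unicode_escape").decode("ascii").replace('"', '\\"')
    marker = "..." if len(username) > MAX_LOGGED else ""
    return 'auth_failure user="%s%s"\n' % (escaped, marker)


def write_auth_failure(log_path, username):
    """Append the record with a direct write; no command line is involved."""
    record = format_auth_failure(username).encode("ascii")
    fd = os.open(log_path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    try:
        os.write(fd, record)
    finally:
        os.close(fd)


# Constructed inputs for illustration; none come from a device or the advisory.
SAMPLE_NAMES = ["admin", "web-cert_01", "name;cmd", "$(cmd)", "-rf", "admin\n"]


def classify(names, helper="/opt/example/objtool"):
    """Map each name to 'accepted' or 'rejected' by the argv builder."""
    outcome = {}
    for name in names:
        try:
            delete_argv(helper, name)
            outcome[name] = "accepted"
        except ValueError:
            outcome[name] = "rejected"
    return outcome


def demo_log():
    """Write two failures to a temporary log and return its lines."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "auth_fail.log")
        write_auth_failure(path, "operator")
        # A username carrying a newline must not forge a second record.
        write_auth_failure(path, 'x\nauth_failure user="admin"')
        with open(path, encoding="ascii") as handle:
            return handle.read().splitlines()
```

The allowlist and the argument vector are independent layers: either one alone keeps the value out of shell syntax, and the log writer additionally keeps a crafted username from forging extra log records.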

Acknowledgments

  • Francesco La Spina and Stanislav Dashevskyi of Forescout Technologies reported these vulnerabilities to CISA


Recommended Practices

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.


Revision History

  • Initial Release Date: 2026-03-10
Date | Revision | Summary
2026-03-10 | 1 | Initial Publication

Apeman Cameras

Summary

Successful exploitation of these vulnerabilities could allow an attacker to take control of the device or view camera feeds.

The following versions of Apeman Cameras are affected:

  • ID71 vers:all/* (CVE-2025-11126, CVE-2025-11851, CVE-2025-11852)
CVSS | Vendor | Equipment | Vulnerabilities
v3 9.8 | Apeman | Apeman Cameras | Insufficiently Protected Credentials, Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’), Missing Authentication for Critical Function

Background

  • Critical Infrastructure Sectors: Commercial Facilities
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: China

Vulnerabilities

CVE-2025-11126

A security flaw has been discovered in Apeman ID71 218.53.203.117. This vulnerability affects unknown code of the file /system/www/system.ini. The attack may be performed remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.


Affected Products

Apeman Cameras
Vendor:
Apeman
Product Version:
Apeman ID71: vers:all/*
Product Status:
known_affected
Remediations

Mitigation
Apeman did not respond to CISA’s request for coordination. Users are encouraged to reach out to Apeman for support: https://apemans.com/pages/contactus

Relevant CWE: CWE-522 Insufficiently Protected Credentials


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2025-11851

A vulnerability has been found in Apeman ID71 EN75.8.53.20. The affected element is an unknown function of the file /set_alias.cgi. Manipulation of the argument alias leads to cross-site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.


Affected Products

Apeman Cameras
Vendor:
Apeman
Product Version:
Apeman ID71: vers:all/*
Product Status:
known_affected
Remediations

Mitigation
Apeman did not respond to CISA’s request for coordination. Users are encouraged to reach out to Apeman for support: https://apemans.com/pages/contactus

Relevant CWE: CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 3.5 | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

CVE-2025-11852

A vulnerability was found in Apeman ID71 218.53.203.117. The impacted element is an unknown function of the file /onvif/device_service of the component ONVIF Service. Manipulation results in missing authentication. The attack can be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.


Affected Products

Apeman Cameras
Vendor:
Apeman
Product Version:
Apeman ID71: vers:all/*
Product Status:
known_affected
Remediations

Mitigation
Apeman did not respond to CISA’s request for coordination. Users are encouraged to reach out to Apeman for support: https://apemans.com/pages/contactus

Relevant CWE: CWE-306 Missing Authentication for Critical Function


Metrics

CVSS Version | Base Score | Base Severity | Vector String
3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Acknowledgments

  • CISA discovered the PoCs (Proof of Concept) as authored by Julio Urena


Recommended Practices

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.


Revision History

  • Initial Release Date: 2026-03-10
Date | Revision | Summary
2026-03-10 | 1 | Initial Publication
