Siemens has released new versions for the affected products and recommends updating to the latest versions.
Two null pointer dereference vulnerabilities affect multiple SIMATIC software products. These could allow an attacker to cause a persistent denial of service condition in the RPC Server of these...
SIMATIC RFID Readers contain multiple vulnerabilities that could allow an attacker to cause a denial of service, exploit hidden functionality, and expose information. Siemens has released new...
The read out protection of the internal flash of affected devices was not properly set at the end of the manufacturing process. An attacker with physical access to the device could read out the...
SINEMA Remote Connect Server before V3.2 SP2 is affected by multiple vulnerabilities. Siemens has released a new version for SINEMA Remote Connect Client and recommends updating to the latest version.
A vulnerability in SIMATIC S7-200 SMART devices could allow an attacker to cause a denial of service condition if a specially crafted TCP packet is sent to the device. Siemens recommends specific...
An XPath constraint vulnerability that can affect running applications was discovered in the Mendix Runtime. The vulnerability could allow a malicious user to deduce contents of inaccessible...
Nozomi Networks has published information on vulnerabilities in Nozomi Guardian/CMC before 24.2.0. This advisory lists the related Siemens Industrial products affected by these vulnerabilities....
A vulnerability has been identified in the OPC Foundation Local Discovery Server (LDS) [0] of several industrial products. The vulnerability could cause a denial of service condition on the...
Several Siemens products (optionally) offer the use of WibuKey Dongles [1] for licensing. According to a recent publication by WIBU Systems (WIBU-94453 at [2]), the Windows device driver for these...
SINEC Security Monitor before V4.9.0 contains multiple vulnerabilities. Siemens has released a new version for Siemens SINEC Security Monitor and recommends updating to the latest version.
HiMed Cockpit devices before V11.6.2 contain a Kiosk Mode Escape vulnerability that could allow an attacker to escape the restricted environment and gain access to the underlying operating system....
Siemens JT2Go is affected by a stack-based buffer overflow vulnerability that could be triggered when the application reads files in PDF format. If a user is tricked into opening a malicious file with...
A Denial-of-Service vulnerability has been identified in LOGO! 8 BM. This vulnerability could allow an attacker to crash a device, if a user is tricked into loading a malicious project file onto...
LOGO! V8.3 BM (incl. SIPLUS variants) devices contain a vulnerability that could allow an electromagnetic fault injection. This could allow an attacker to dump and debug the firmware, including...
SENTRON PAC3200 devices provide only a 4-digit PIN to protect against administrative access via the Modbus TCP interface. Attackers with access to the Modbus TCP interface could easily bypass this protection by...
Simcenter Nastran contains multiple memory corruption vulnerabilities that could be triggered when the application reads files in BDF file formats. If a user is tricked into opening a malicious file...
LOGO! V8.3 BM (incl. SIPLUS variants) devices contain a plaintext password storage vulnerability. This could allow an attacker with physical access to an affected device to extract user-set...
LOGO! 8 BM (incl. SIPLUS variants) contains multiple web-related vulnerabilities. These could allow an attacker to execute code remotely, put the device into a denial of service state or retrieve...
Siemens Teamcenter Visualization and JT2Go are affected by stack buffer overflow and null pointer dereference vulnerabilities that could be triggered while parsing XML files. If a user is tricked...
Several camera device drivers in the Siveillance Video Device Pack contain a buffer overflow vulnerability that could be exploited under strict conditions. This could allow an attacker to execute...
InterMesh Subscriber devices contain multiple vulnerabilities that could allow an unauthenticated remote attacker to execute arbitrary code with root privileges. Siemens has released new versions...
RUGGEDCOM CROSSBOW Station Access Controller (SAC) contains multiple vulnerabilities in the integrated SQLite component that could allow an attacker to execute arbitrary code or to create a denial...
SIPORT before V3.4.0 contains a privilege escalation vulnerability which could allow a local attacker with an unprivileged account to override or modify the service executable and subsequently...
OZW672 and OZW772 Web Server versions before V5.2 contain a stored cross-site scripting (XSS) vulnerability that could allow an authenticated remote attacker to inject arbitrary JavaScript code...
'Expect elevated activity for the foreseeable future' Iranian hackers have launched spying expeditions, digital probes, and distributed denial of service (DDoS) attacks in the wake of the US and...
On or about January 26, 2026, Insight Hospital and Medical Center (“Insight”) in Chicago issued a substitute notice. It states that in September 2025, Insight learned of unusual activity within...
SINEC NMS before V3.0 SP1 is affected by multiple vulnerabilities. Siemens has released a new version for SINEC NMS and recommends updating to the latest version.
Solid Edge is affected by multiple file parsing vulnerabilities that could be triggered when the application reads specially crafted files in various formats such as PAR or PSM format, and by a...
SCALANCE M-800 family before V8.2 is affected by multiple vulnerabilities. Siemens has released new versions for the affected products and recommends updating to the latest versions.