Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
5740 vulnerabilities by Siemens
CVE-2026-54801 (GCVE-0-2026-54801)
Vulnerability from nvd – Published: 2026-07-09 14:15 – Updated: 2026-07-09 17:37
VLAI
EPSS
VEX
Summary
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains insufficient validation of authentication credentials when processing administrative account modifications through the web API. This could allow an authenticated attacker to bypass security controls and gain unauthorized elevated privileges.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-620 - Unverified Password Change
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | CPCI85 Central Processing/Communication |
Affected:
0 , < V26.20
(custom)
|
|
| Siemens | SICORE Base system |
Affected:
0 , < V26.20.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54801",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T17:37:36.331104Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T17:37:43.135Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "CPCI85 Central Processing/Communication",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V26.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICORE Base system",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V26.20.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions \u003c V26.20), SICORE Base system (All versions \u003c V26.20.0). The affected application contains insufficient validation of authentication credentials when processing administrative account modifications through the web API. This could allow an authenticated attacker to bypass security controls and gain unauthorized elevated privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620: Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T14:15:54.353Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-229470.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2026-54801",
"datePublished": "2026-07-09T14:15:54.353Z",
"dateReserved": "2026-06-16T07:47:12.274Z",
"dateUpdated": "2026-07-09T17:37:43.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-54800 (GCVE-0-2026-54800)
Vulnerability from nvd – Published: 2026-07-09 14:15 – Updated: 2026-07-09 14:45
VLAI
EPSS
VEX
Summary
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application ships with a default configuration that disables all OPC UA security mechanisms. This could allow an attacker to gain unauthorized access and control over critical system functions.
Severity
4.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1188 - Initialization of a Resource with an Insecure Default
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | CPCI85 Central Processing/Communication |
Affected:
0 , < V26.20
(custom)
|
|
| Siemens | SICORE Base system |
Affected:
0 , < V26.20.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54800",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T14:44:56.105030Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T14:45:11.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "CPCI85 Central Processing/Communication",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V26.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICORE Base system",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V26.20.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions \u003c V26.20), SICORE Base system (All versions \u003c V26.20.0). The affected application ships with a default configuration that disables all OPC UA security mechanisms. This could allow an attacker to gain unauthorized access and control over critical system functions."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188: Initialization of a Resource with an Insecure Default",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T14:15:53.306Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-229470.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2026-54800",
"datePublished": "2026-07-09T14:15:53.306Z",
"dateReserved": "2026-06-16T07:47:12.274Z",
"dateUpdated": "2026-07-09T14:45:11.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-54799 (GCVE-0-2026-54799)
Vulnerability from nvd – Published: 2026-07-09 14:15 – Updated: 2026-07-09 14:46
VLAI
EPSS
VEX
Summary
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains a vulnerability in its firmware update mechanism's signature validation process. This could allow an attacker to install malicious firmware, leading to persistent code execution and system compromise.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-489 - Active Debug Code
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | CPCI85 Central Processing/Communication |
Affected:
0 , < V26.20
(custom)
|
|
| Siemens | SICORE Base system |
Affected:
0 , < V26.20.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54799",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T14:46:32.476491Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T14:46:38.615Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "CPCI85 Central Processing/Communication",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V26.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICORE Base system",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V26.20.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions \u003c V26.20), SICORE Base system (All versions \u003c V26.20.0). The affected application contains a vulnerability in its firmware update mechanism\u0027s signature validation process. This could allow an attacker to install malicious firmware, leading to persistent code execution and system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489: Active Debug Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T14:15:52.247Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-229470.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2026-54799",
"datePublished": "2026-07-09T14:15:52.247Z",
"dateReserved": "2026-06-16T07:47:12.273Z",
"dateUpdated": "2026-07-09T14:46:38.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-54798 (GCVE-0-2026-54798)
Vulnerability from nvd – Published: 2026-07-09 14:15 – Updated: 2026-07-09 14:54
VLAI
EPSS
VEX
Summary
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application includes a debugging interface that is accessible through HTTP endpoints. This could allow an authenticated attacker to disrupt the system by crashing the web process causing denial of service conditions.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-489 - Active Debug Code
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | CPCI85 Central Processing/Communication |
Affected:
0 , < V26.20
(custom)
|
|
| Siemens | SICORE Base system |
Affected:
0 , < V26.20.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54798",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T14:52:50.609581Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T14:54:39.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "CPCI85 Central Processing/Communication",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V26.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICORE Base system",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V26.20.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions \u003c V26.20), SICORE Base system (All versions \u003c V26.20.0). The affected application includes a debugging interface that is accessible through HTTP endpoints. This could allow an authenticated attacker to disrupt the system by crashing the web process causing denial of service conditions."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489: Active Debug Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T14:15:51.173Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-229470.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2026-54798",
"datePublished": "2026-07-09T14:15:51.173Z",
"dateReserved": "2026-06-16T07:47:12.273Z",
"dateUpdated": "2026-07-09T14:54:39.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48192 (GCVE-0-2026-48192)
Vulnerability from nvd – Published: 2026-06-30 14:30 – Updated: 2026-06-30 15:05
VLAI
EPSS
VEX
Summary
A vulnerability has been identified in Mendix Studio Pro 10.11 (All versions), Mendix Studio Pro 10.12 (All versions), Mendix Studio Pro 10.13 (All versions), Mendix Studio Pro 10.14 (All versions), Mendix Studio Pro 10.15 (All versions), Mendix Studio Pro 10.16 (All versions), Mendix Studio Pro 10.17 (All versions), Mendix Studio Pro 10.18 (All versions), Mendix Studio Pro 10.19 (All versions), Mendix Studio Pro 10.20 (All versions), Mendix Studio Pro 10.21 (All versions), Mendix Studio Pro 10.22 (All versions), Mendix Studio Pro 10.23 (All versions), Mendix Studio Pro 10.24 (All versions < V10.24.21), Mendix Studio Pro 11.0 (All versions), Mendix Studio Pro 11.1 (All versions), Mendix Studio Pro 11.10 (All versions), Mendix Studio Pro 11.11 (All versions), Mendix Studio Pro 11.2 (All versions), Mendix Studio Pro 11.3 (All versions), Mendix Studio Pro 11.4 (All versions), Mendix Studio Pro 11.5 (All versions), Mendix Studio Pro 11.6 (All versions < V11.6.7), Mendix Studio Pro 11.7 (All versions), Mendix Studio Pro 11.8 (All versions), Mendix Studio Pro 11.9 (All versions). Affected versions of Mendix Studio Pro do not properly validate or sanitize project files processed during the build pipeline.
This could allow an attacker who tricks a user into opening and running a specially crafted malicious project locally on their system to execute arbitrary code in the context of that user.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
1 reference
Impacted products
26 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | Mendix Studio Pro 10.11 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 10.12 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 10.13 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 10.14 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 10.15 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 10.16 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 10.17 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 10.18 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 10.19 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 10.20 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 10.21 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 10.22 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 10.23 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 10.24 |
Affected:
0 , < V10.24.21
(custom)
|
|
| Siemens | Mendix Studio Pro 11.0 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 11.1 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 11.10 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 11.11 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 11.2 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 11.3 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 11.4 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 11.5 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 11.6 |
Affected:
0 , < V11.6.7
(custom)
|
|
| Siemens | Mendix Studio Pro 11.7 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 11.8 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 11.9 |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48192",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-30T15:05:23.824249Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T15:05:37.197Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 10.11",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 10.12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 10.13",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 10.14",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 10.15",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 10.16",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 10.17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 10.18",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 10.19",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 10.20",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 10.21",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 10.22",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 10.23",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 10.24",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V10.24.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 11.0",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 11.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 11.10",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 11.11",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 11.2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 11.3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 11.4",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 11.5",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 11.6",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.6.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 11.7",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 11.8",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 11.9",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Mendix Studio Pro 10.11 (All versions), Mendix Studio Pro 10.12 (All versions), Mendix Studio Pro 10.13 (All versions), Mendix Studio Pro 10.14 (All versions), Mendix Studio Pro 10.15 (All versions), Mendix Studio Pro 10.16 (All versions), Mendix Studio Pro 10.17 (All versions), Mendix Studio Pro 10.18 (All versions), Mendix Studio Pro 10.19 (All versions), Mendix Studio Pro 10.20 (All versions), Mendix Studio Pro 10.21 (All versions), Mendix Studio Pro 10.22 (All versions), Mendix Studio Pro 10.23 (All versions), Mendix Studio Pro 10.24 (All versions \u003c V10.24.21), Mendix Studio Pro 11.0 (All versions), Mendix Studio Pro 11.1 (All versions), Mendix Studio Pro 11.10 (All versions), Mendix Studio Pro 11.11 (All versions), Mendix Studio Pro 11.2 (All versions), Mendix Studio Pro 11.3 (All versions), Mendix Studio Pro 11.4 (All versions), Mendix Studio Pro 11.5 (All versions), Mendix Studio Pro 11.6 (All versions \u003c V11.6.7), Mendix Studio Pro 11.7 (All versions), Mendix Studio Pro 11.8 (All versions), Mendix Studio Pro 11.9 (All versions). Affected versions of Mendix Studio Pro do not properly validate or sanitize project files processed during the build pipeline.\r\nThis could allow an attacker who tricks a user into opening and running a specially crafted malicious project locally on their system to execute arbitrary code in the context of that user."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T14:30:59.828Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-779310.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2026-48192",
"datePublished": "2026-06-30T14:30:59.828Z",
"dateReserved": "2026-05-21T08:13:02.100Z",
"dateUpdated": "2026-06-30T15:05:37.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-46749 (GCVE-0-2026-46749)
Vulnerability from nvd – Published: 2026-06-09 08:47 – Updated: 2026-06-09 13:10
VLAI
EPSS
VEX
Summary
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application uses a password hashing implementation with a static, hardcoded salt shared across all users and installations, and is configured with an insufficient number of iterations. This could allow an attacker to efficiently recover user passwords using brute-force or precomputed attacks, potentially resulting in unauthorized access.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-760 - Use of a One-Way Hash with a Predictable Salt
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-46749",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T13:10:22.511716Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T13:10:31.258Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEC INS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.0 SP2 Update 6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC INS (All versions \u003c V1.0 SP2 Update 6). The affected application uses a password hashing implementation with a static, hardcoded salt shared across all users and installations, and is configured with an insufficient number of iterations. This could allow an attacker to efficiently recover user passwords using brute-force or precomputed attacks, potentially resulting in unauthorized access."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-760",
"description": "CWE-760: Use of a One-Way Hash with a Predictable Salt",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T08:47:05.354Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-860189.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2026-46749",
"datePublished": "2026-06-09T08:47:05.354Z",
"dateReserved": "2026-05-18T09:37:25.766Z",
"dateUpdated": "2026-06-09T13:10:31.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-46748 (GCVE-0-2026-46748)
Vulnerability from nvd – Published: 2026-06-09 08:46 – Updated: 2026-06-09 16:06
VLAI
EPSS
VEX
Summary
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected system includes a binary that is configured with the cap_dac_override capability. This capability allows the process to bypass file system permission checks, resulting in unrestricted file system access. This could allow a local attacker to escalate privileges leading to arbitrary file modification and gaining root privileges on the system.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-46748",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T16:05:10.509102Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T16:06:36.328Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEC INS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.0 SP2 Update 6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC INS (All versions \u003c V1.0 SP2 Update 6). The affected system includes a binary that is configured with the cap_dac_override capability. This capability allows the process to bypass file system permission checks, resulting in unrestricted file system access. This could allow a local attacker to escalate privileges leading to arbitrary file modification and gaining root privileges on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250: Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T08:46:55.902Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-860189.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2026-46748",
"datePublished": "2026-06-09T08:46:55.902Z",
"dateReserved": "2026-05-18T09:37:25.766Z",
"dateUpdated": "2026-06-09T16:06:36.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-46747 (GCVE-0-2026-46747)
Vulnerability from nvd – Published: 2026-06-09 08:46 – Updated: 2026-06-09 14:37
VLAI
EPSS
VEX
Summary
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application does not properly sanitize path input in the `GET /api/sftp/uploadFiles` endpoint used for directory listing. This allows path traversal through crafted input, enabling access to unintended file system locations.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-26 - Path Traversal: '/dir/../filename'
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-46747",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T14:37:00.719840Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T14:37:31.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEC INS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.0 SP2 Update 6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC INS (All versions \u003c V1.0 SP2 Update 6). The affected application does not properly sanitize path input in the `GET /api/sftp/uploadFiles` endpoint used for directory listing. This allows path traversal through crafted input, enabling access to unintended file system locations."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-26",
"description": "CWE-26: Path Traversal: \u0027/dir/../filename\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T08:46:54.724Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-860189.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2026-46747",
"datePublished": "2026-06-09T08:46:54.724Z",
"dateReserved": "2026-05-18T09:37:25.766Z",
"dateUpdated": "2026-06-09T14:37:31.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-46746 (GCVE-0-2026-46746)
Vulnerability from nvd – Published: 2026-06-09 08:46 – Updated: 2026-06-09 15:12
VLAI
EPSS
VEX
Summary
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The application does not properly sanitize user input in the /api/sftp/uploadFiles endpoint, allowing the injection of shell command payloads via crafted directory names. These payloads are stored and executed when directory listings are retrieved. This could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system with the privileges of the affected service user (sinecins).
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-46746",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T15:12:03.665874Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T15:12:58.585Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEC INS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.0 SP2 Update 6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC INS (All versions \u003c V1.0 SP2 Update 6). The application does not properly sanitize user input in the /api/sftp/uploadFiles endpoint, allowing the injection of shell command payloads via crafted directory names. These payloads are stored and executed when directory listings are retrieved. This could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system with the privileges of the affected service user (sinecins)."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T08:46:53.639Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-860189.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2026-46746",
"datePublished": "2026-06-09T08:46:53.639Z",
"dateReserved": "2026-05-18T09:37:25.766Z",
"dateUpdated": "2026-06-09T15:12:58.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24349 (GCVE-0-2026-24349)
Vulnerability from nvd – Published: 2026-06-09 08:46 – Updated: 2026-06-09 12:54
VLAI
EPSS
VEX
Summary
A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 (All versions), SIMATIC WinCC Unified PC Runtime V17 (All versions), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions), SIMATIC WinCC Unified PC Runtime V20 (All versions), SIMATIC WinCC Unified PC Runtime V21 (All versions < V21 Update 2). Insufficient protection of key material in WinCC Certificate Manager that could allow an attacker to extract sensitive information.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-313 - Cleartext Storage in a File or on Disk
Assigner
References
1 reference
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | SIMATIC WinCC Unified PC Runtime V16 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC WinCC Unified PC Runtime V17 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC WinCC Unified PC Runtime V18 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC WinCC Unified PC Runtime V19 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC WinCC Unified PC Runtime V20 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC WinCC Unified PC Runtime V21 |
Affected:
0 , < V21 Update 2
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24349",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T12:54:10.341457Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T12:54:20.058Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC Unified PC Runtime V16",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC Unified PC Runtime V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC Unified PC Runtime V18",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC Unified PC Runtime V19",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC Unified PC Runtime V20",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC Unified PC Runtime V21",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V21 Update 2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 (All versions), SIMATIC WinCC Unified PC Runtime V17 (All versions), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions), SIMATIC WinCC Unified PC Runtime V20 (All versions), SIMATIC WinCC Unified PC Runtime V21 (All versions \u003c V21 Update 2). Insufficient protection of key material in WinCC Certificate Manager that could allow an attacker to extract sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-313",
"description": "CWE-313: Cleartext Storage in a File or on Disk",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T08:46:52.528Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-063511.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2026-24349",
"datePublished": "2026-06-09T08:46:52.528Z",
"dateReserved": "2026-01-22T13:21:49.113Z",
"dateUpdated": "2026-06-09T12:54:20.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40808 (GCVE-0-2025-40808)
Vulnerability from nvd – Published: 2026-06-09 08:46 – Updated: 2026-06-09 14:22
VLAI
EPSS
VEX
Summary
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MU85 (CP300) (All versions), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions), SIPROTEC 5 7ST86 (CP300) (All versions), SIPROTEC 5 7SX82 (CP150) (All versions), SIPROTEC 5 7SX85 (CP300) (All versions), SIPROTEC 5 7SY82 (CP150) (All versions), SIPROTEC 5 7UM85 (CP300) (All versions), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions), SIPROTEC 5 7VE85 (CP300) (All versions), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions), SIPROTEC 5 7VU85 (CP300) (All versions), SIPROTEC 5 Compact 7SX800 (CP050) (All versions). The affected application allows authenticated users to upload arbitrary files using DIGSI 5 protocol. This could allow an attacker to upload malicious configuration files, that could cause denial of service condition and potentially lead to code execution.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
Impacted products
61 products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40808",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T14:20:53.351500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T14:22:32.677Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 6MD84 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 6MD85 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 6MD85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 6MD86 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 6MD86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 6MD89 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 6MU85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7KE85 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7KE85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SA82 (CP100)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SA82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SA86 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SA86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SA87 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SA87 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SD82 (CP100)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SD82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SD86 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SD86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SD87 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SD87 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ81 (CP100)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ81 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ82 (CP100)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ85 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ86 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SK82 (CP100)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SK82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SK85 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SK85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SL82 (CP100)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SL82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SL86 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SL86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SL87 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SL87 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SS85 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SS85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7ST85 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7ST85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7ST86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SX82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SX85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SY82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UM85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UT82 (CP100)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UT82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UT85 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UT85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UT86 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UT86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UT87 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UT87 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7VE85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7VK87 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7VK87 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7VU85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 Compact 7SX800 (CP050)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MU85 (CP300) (All versions), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions), SIPROTEC 5 7ST86 (CP300) (All versions), SIPROTEC 5 7SX82 (CP150) (All versions), SIPROTEC 5 7SX85 (CP300) (All versions), SIPROTEC 5 7SY82 (CP150) (All versions), SIPROTEC 5 7UM85 (CP300) (All versions), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions), SIPROTEC 5 7VE85 (CP300) (All versions), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions), SIPROTEC 5 7VU85 (CP300) (All versions), SIPROTEC 5 Compact 7SX800 (CP050) (All versions). The affected application allows authenticated users to upload arbitrary files using DIGSI 5 protocol. This could allow an attacker to upload malicious configuration files, that could cause denial of service condition and potentially lead to code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T08:46:49.158Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-139483.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-40808",
"datePublished": "2026-06-09T08:46:49.158Z",
"dateReserved": "2025-04-16T08:50:26.973Z",
"dateUpdated": "2026-06-09T14:22:32.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41918 (GCVE-0-2026-41918)
Vulnerability from nvd – Published: 2026-06-02 12:06 – Updated: 2026-06-02 14:13
VLAI
EPSS
VEX
Summary
A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V4.0). The affected applications stores sensitive information in the browser cache when an authenticated user modify specific configurations. This could allow an authenticated attacker to access sensitive data stored in the browser.
Severity
5.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-525 - Use of Web Browser Cache Containing Sensitive Information
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | RUGGEDCOM RST2428P |
Affected:
0 , < V4.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41918",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T14:13:46.231135Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T14:13:54.567Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions \u003c V4.0). The affected applications stores sensitive information in the browser cache when an authenticated user modify specific configurations. This could allow an authenticated attacker to access sensitive data stored in the browser."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-525",
"description": "CWE-525: Use of Web Browser Cache Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T12:06:50.291Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2026-41918",
"datePublished": "2026-06-02T12:06:50.291Z",
"dateReserved": "2026-04-22T15:48:53.605Z",
"dateUpdated": "2026-06-02T14:13:54.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42177 (GCVE-0-2026-42177)
Vulnerability from nvd – Published: 2026-05-12 17:11 – Updated: 2026-05-13 14:37
VLAI
EPSS
VEX
Title
linux-entra-sso: PRT SSO cookie can leak to attacker-controlled hosts when broad host permissions are granted
Summary
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO_URL + "/*", i.e. "https://login.microsoftonline.com/*". Chrome's urlFilter without a | or || anchor is substring-matched against the full request URL. The same applied rule action is modifyHeaders that attaches the Entra ID Primary Refresh Token cookie. The Firefox adapter in platform/firefox/js/platform-firefox.js:53 performs a belt-and-braces startsWith(Platform.SSO_URL) check before injecting the header; the Chrome adapter does not. When the extension holds broad host permissions through the optional_host_permissions: ["https://*/*"] declared in platform/chrome/manifest.json:34, a main-frame navigation to a URL whose path embeds https://login.microsoftonline.com/ causes Chrome to attach the PRT cookie to the request to the attacker-controlled host. This vulnerability is fixed in 1.8.1.
Severity
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/siemens/linux-entra-sso/securi… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | linux-entra-sso |
Affected:
< 1.8.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42177",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T14:35:33.712997Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T14:37:56.682Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"url": "https://github.com/siemens/linux-entra-sso/security/advisories/GHSA-52rj-42vh-2rxc"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "linux-entra-sso",
"vendor": "siemens",
"versions": [
{
"status": "affected",
"version": "\u003c 1.8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO_URL + \"/*\", i.e. \"https://login.microsoftonline.com/*\". Chrome\u0027s urlFilter without a | or || anchor is substring-matched against the full request URL. The same applied rule action is modifyHeaders that attaches the Entra ID Primary Refresh Token cookie. The Firefox adapter in platform/firefox/js/platform-firefox.js:53 performs a belt-and-braces startsWith(Platform.SSO_URL) check before injecting the header; the Chrome adapter does not. When the extension holds broad host permissions through the optional_host_permissions: [\"https://*/*\"] declared in platform/chrome/manifest.json:34, a main-frame navigation to a URL whose path embeds https://login.microsoftonline.com/ causes Chrome to attach the PRT cookie to the request to the attacker-controlled host. This vulnerability is fixed in 1.8.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-436",
"description": "CWE-436: Interpretation Conflict",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T17:11:36.050Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/siemens/linux-entra-sso/security/advisories/GHSA-52rj-42vh-2rxc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/siemens/linux-entra-sso/security/advisories/GHSA-52rj-42vh-2rxc"
}
],
"source": {
"advisory": "GHSA-52rj-42vh-2rxc",
"discovery": "UNKNOWN"
},
"title": "linux-entra-sso: PRT SSO cookie can leak to attacker-controlled hosts when broad host permissions are granted"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42177",
"datePublished": "2026-05-12T17:11:36.050Z",
"dateReserved": "2026-04-25T01:53:21.582Z",
"dateUpdated": "2026-05-13T14:37:56.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12659 (GCVE-0-2025-12659)
Vulnerability from nvd – Published: 2026-05-12 12:30 – Updated: 2026-06-09 09:02
VLAI
EPSS
VEX
Title
Heap-based buffer overflow in Siemens Simcenter Femap
Summary
Siemens Simcenter Femap contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based buffer overflow
Assigner
References
3 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | Simcenter Femap |
Affected:
0 , < V2512.0003
(custom)
Unaffected: V2512.0003 |
|
| Siemens | Simcenter Femap |
Affected:
0 , < V2512.0003
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12659",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-12T14:26:44.889744Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T14:27:57.384Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "Simcenter Femap",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2512.0003",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T09:02:02.324Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-870926.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Simcenter Femap",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2512.0003",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "V2512.0003"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Siemens thanks TrendAI Zero Day Initiative for coordinated disclosure"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Siemens Simcenter Femap\u0026nbsp;contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process.\u0026nbsp;"
}
],
"value": "Siemens Simcenter Femap\u00a0contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based buffer overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T20:22:03.369Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-870926.html"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-134-05"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-134-05.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eUpdate to V2512.0003 or later version\u003c/div\u003e\u003ca href=\"https://support.sw.siemens.com/product/275652363/\"\u003ehttps://support.sw.siemens.com/product/275652363/\u003c/a\u003e"
}
],
"value": "Update to V2512.0003 or later version\n\n https://support.sw.siemens.com/product/275652363/"
}
],
"source": {
"advisory": "ICSA-26-134-05, SSA-870926",
"discovery": "EXTERNAL"
},
"title": "Heap-based buffer overflow in Siemens Simcenter Femap",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-12659",
"datePublished": "2026-05-12T12:30:04.652Z",
"dateReserved": "2025-11-03T20:56:28.893Z",
"dateUpdated": "2026-06-09T09:02:02.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44412 (GCVE-0-2026-44412)
Vulnerability from nvd – Published: 2026-05-12 08:21 – Updated: 2026-05-13 01:48
VLAI
EPSS
VEX
Summary
A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 Update 5). The affected applications contain a stack based overflow vulnerability while parsing specially crafted PAR files.
This could allow an attacker to execute code in the context of the current process.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | Solid Edge SE2026 |
Affected:
0 , < V226.0 Update 5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44412",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T01:41:41.274108Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T01:48:13.858Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Solid Edge SE2026",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V226.0 Update 5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Solid Edge SE2026 (All versions \u003c V226.0 Update 5). The affected applications contain a stack based overflow vulnerability while parsing specially crafted PAR files.\r\nThis could allow an attacker to execute code in the context of the current process."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T08:21:20.461Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-921111.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2026-44412",
"datePublished": "2026-05-12T08:21:20.461Z",
"dateReserved": "2026-05-06T09:51:05.262Z",
"dateUpdated": "2026-05-13T01:48:13.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-54801 (GCVE-0-2026-54801)
Vulnerability from cvelistv5 – Published: 2026-07-09 14:15 – Updated: 2026-07-09 17:37
VLAI
EPSS
VEX
Summary
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains insufficient validation of authentication credentials when processing administrative account modifications through the web API. This could allow an authenticated attacker to bypass security controls and gain unauthorized elevated privileges.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-620 - Unverified Password Change
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | CPCI85 Central Processing/Communication |
Affected:
0 , < V26.20
(custom)
|
|
| Siemens | SICORE Base system |
Affected:
0 , < V26.20.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54801",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T17:37:36.331104Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T17:37:43.135Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "CPCI85 Central Processing/Communication",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V26.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICORE Base system",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V26.20.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions \u003c V26.20), SICORE Base system (All versions \u003c V26.20.0). The affected application contains insufficient validation of authentication credentials when processing administrative account modifications through the web API. This could allow an authenticated attacker to bypass security controls and gain unauthorized elevated privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620: Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T14:15:54.353Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-229470.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2026-54801",
"datePublished": "2026-07-09T14:15:54.353Z",
"dateReserved": "2026-06-16T07:47:12.274Z",
"dateUpdated": "2026-07-09T17:37:43.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-54800 (GCVE-0-2026-54800)
Vulnerability from cvelistv5 – Published: 2026-07-09 14:15 – Updated: 2026-07-09 14:45
VLAI
EPSS
VEX
Summary
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application ships with a default configuration that disables all OPC UA security mechanisms. This could allow an attacker to gain unauthorized access and control over critical system functions.
Severity
4.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1188 - Initialization of a Resource with an Insecure Default
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | CPCI85 Central Processing/Communication |
Affected:
0 , < V26.20
(custom)
|
|
| Siemens | SICORE Base system |
Affected:
0 , < V26.20.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54800",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T14:44:56.105030Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T14:45:11.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "CPCI85 Central Processing/Communication",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V26.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICORE Base system",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V26.20.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions \u003c V26.20), SICORE Base system (All versions \u003c V26.20.0). The affected application ships with a default configuration that disables all OPC UA security mechanisms. This could allow an attacker to gain unauthorized access and control over critical system functions."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188: Initialization of a Resource with an Insecure Default",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T14:15:53.306Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-229470.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2026-54800",
"datePublished": "2026-07-09T14:15:53.306Z",
"dateReserved": "2026-06-16T07:47:12.274Z",
"dateUpdated": "2026-07-09T14:45:11.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-54799 (GCVE-0-2026-54799)
Vulnerability from cvelistv5 – Published: 2026-07-09 14:15 – Updated: 2026-07-09 14:46
VLAI
EPSS
VEX
Summary
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains a vulnerability in its firmware update mechanism's signature validation process. This could allow an attacker to install malicious firmware, leading to persistent code execution and system compromise.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-489 - Active Debug Code
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | CPCI85 Central Processing/Communication |
Affected:
0 , < V26.20
(custom)
|
|
| Siemens | SICORE Base system |
Affected:
0 , < V26.20.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54799",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T14:46:32.476491Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T14:46:38.615Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "CPCI85 Central Processing/Communication",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V26.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICORE Base system",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V26.20.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions \u003c V26.20), SICORE Base system (All versions \u003c V26.20.0). The affected application contains a vulnerability in its firmware update mechanism\u0027s signature validation process. This could allow an attacker to install malicious firmware, leading to persistent code execution and system compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489: Active Debug Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T14:15:52.247Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-229470.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2026-54799",
"datePublished": "2026-07-09T14:15:52.247Z",
"dateReserved": "2026-06-16T07:47:12.273Z",
"dateUpdated": "2026-07-09T14:46:38.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-54798 (GCVE-0-2026-54798)
Vulnerability from cvelistv5 – Published: 2026-07-09 14:15 – Updated: 2026-07-09 14:54
VLAI
EPSS
VEX
Summary
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application includes a debugging interface that is accessible through HTTP endpoints. This could allow an authenticated attacker to disrupt the system by crashing the web process causing denial of service conditions.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-489 - Active Debug Code
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | CPCI85 Central Processing/Communication |
Affected:
0 , < V26.20
(custom)
|
|
| Siemens | SICORE Base system |
Affected:
0 , < V26.20.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54798",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T14:52:50.609581Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T14:54:39.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "CPCI85 Central Processing/Communication",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V26.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICORE Base system",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V26.20.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions \u003c V26.20), SICORE Base system (All versions \u003c V26.20.0). The affected application includes a debugging interface that is accessible through HTTP endpoints. This could allow an authenticated attacker to disrupt the system by crashing the web process causing denial of service conditions."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489: Active Debug Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T14:15:51.173Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-229470.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2026-54798",
"datePublished": "2026-07-09T14:15:51.173Z",
"dateReserved": "2026-06-16T07:47:12.273Z",
"dateUpdated": "2026-07-09T14:54:39.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48192 (GCVE-0-2026-48192)
Vulnerability from cvelistv5 – Published: 2026-06-30 14:30 – Updated: 2026-06-30 15:05
VLAI
EPSS
VEX
Summary
A vulnerability has been identified in Mendix Studio Pro 10.11 (All versions), Mendix Studio Pro 10.12 (All versions), Mendix Studio Pro 10.13 (All versions), Mendix Studio Pro 10.14 (All versions), Mendix Studio Pro 10.15 (All versions), Mendix Studio Pro 10.16 (All versions), Mendix Studio Pro 10.17 (All versions), Mendix Studio Pro 10.18 (All versions), Mendix Studio Pro 10.19 (All versions), Mendix Studio Pro 10.20 (All versions), Mendix Studio Pro 10.21 (All versions), Mendix Studio Pro 10.22 (All versions), Mendix Studio Pro 10.23 (All versions), Mendix Studio Pro 10.24 (All versions < V10.24.21), Mendix Studio Pro 11.0 (All versions), Mendix Studio Pro 11.1 (All versions), Mendix Studio Pro 11.10 (All versions), Mendix Studio Pro 11.11 (All versions), Mendix Studio Pro 11.2 (All versions), Mendix Studio Pro 11.3 (All versions), Mendix Studio Pro 11.4 (All versions), Mendix Studio Pro 11.5 (All versions), Mendix Studio Pro 11.6 (All versions < V11.6.7), Mendix Studio Pro 11.7 (All versions), Mendix Studio Pro 11.8 (All versions), Mendix Studio Pro 11.9 (All versions). Affected versions of Mendix Studio Pro do not properly validate or sanitize project files processed during the build pipeline.
This could allow an attacker who tricks a user into opening and running a specially crafted malicious project locally on their system to execute arbitrary code in the context of that user.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
1 reference
Impacted products
26 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | Mendix Studio Pro 10.11 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 10.12 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 10.13 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 10.14 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 10.15 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 10.16 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 10.17 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 10.18 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 10.19 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 10.20 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 10.21 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 10.22 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 10.23 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 10.24 |
Affected:
0 , < V10.24.21
(custom)
|
|
| Siemens | Mendix Studio Pro 11.0 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 11.1 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 11.10 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 11.11 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 11.2 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 11.3 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 11.4 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 11.5 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 11.6 |
Affected:
0 , < V11.6.7
(custom)
|
|
| Siemens | Mendix Studio Pro 11.7 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 11.8 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Mendix Studio Pro 11.9 |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48192",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-30T15:05:23.824249Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T15:05:37.197Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 10.11",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 10.12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 10.13",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 10.14",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 10.15",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 10.16",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 10.17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 10.18",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 10.19",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 10.20",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 10.21",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 10.22",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 10.23",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 10.24",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V10.24.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 11.0",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 11.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 11.10",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 11.11",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 11.2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 11.3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 11.4",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 11.5",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 11.6",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V11.6.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 11.7",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 11.8",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Studio Pro 11.9",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Mendix Studio Pro 10.11 (All versions), Mendix Studio Pro 10.12 (All versions), Mendix Studio Pro 10.13 (All versions), Mendix Studio Pro 10.14 (All versions), Mendix Studio Pro 10.15 (All versions), Mendix Studio Pro 10.16 (All versions), Mendix Studio Pro 10.17 (All versions), Mendix Studio Pro 10.18 (All versions), Mendix Studio Pro 10.19 (All versions), Mendix Studio Pro 10.20 (All versions), Mendix Studio Pro 10.21 (All versions), Mendix Studio Pro 10.22 (All versions), Mendix Studio Pro 10.23 (All versions), Mendix Studio Pro 10.24 (All versions \u003c V10.24.21), Mendix Studio Pro 11.0 (All versions), Mendix Studio Pro 11.1 (All versions), Mendix Studio Pro 11.10 (All versions), Mendix Studio Pro 11.11 (All versions), Mendix Studio Pro 11.2 (All versions), Mendix Studio Pro 11.3 (All versions), Mendix Studio Pro 11.4 (All versions), Mendix Studio Pro 11.5 (All versions), Mendix Studio Pro 11.6 (All versions \u003c V11.6.7), Mendix Studio Pro 11.7 (All versions), Mendix Studio Pro 11.8 (All versions), Mendix Studio Pro 11.9 (All versions). Affected versions of Mendix Studio Pro do not properly validate or sanitize project files processed during the build pipeline.\r\nThis could allow an attacker who tricks a user into opening and running a specially crafted malicious project locally on their system to execute arbitrary code in the context of that user."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T14:30:59.828Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-779310.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2026-48192",
"datePublished": "2026-06-30T14:30:59.828Z",
"dateReserved": "2026-05-21T08:13:02.100Z",
"dateUpdated": "2026-06-30T15:05:37.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-46749 (GCVE-0-2026-46749)
Vulnerability from cvelistv5 – Published: 2026-06-09 08:47 – Updated: 2026-06-09 13:10
VLAI
EPSS
VEX
Summary
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application uses a password hashing implementation with a static, hardcoded salt shared across all users and installations, and is configured with an insufficient number of iterations. This could allow an attacker to efficiently recover user passwords using brute-force or precomputed attacks, potentially resulting in unauthorized access.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-760 - Use of a One-Way Hash with a Predictable Salt
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-46749",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T13:10:22.511716Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T13:10:31.258Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEC INS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.0 SP2 Update 6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC INS (All versions \u003c V1.0 SP2 Update 6). The affected application uses a password hashing implementation with a static, hardcoded salt shared across all users and installations, and is configured with an insufficient number of iterations. This could allow an attacker to efficiently recover user passwords using brute-force or precomputed attacks, potentially resulting in unauthorized access."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-760",
"description": "CWE-760: Use of a One-Way Hash with a Predictable Salt",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T08:47:05.354Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-860189.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2026-46749",
"datePublished": "2026-06-09T08:47:05.354Z",
"dateReserved": "2026-05-18T09:37:25.766Z",
"dateUpdated": "2026-06-09T13:10:31.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-46748 (GCVE-0-2026-46748)
Vulnerability from cvelistv5 – Published: 2026-06-09 08:46 – Updated: 2026-06-09 16:06
VLAI
EPSS
VEX
Summary
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected system includes a binary that is configured with the cap_dac_override capability. This capability allows the process to bypass file system permission checks, resulting in unrestricted file system access. This could allow a local attacker to escalate privileges leading to arbitrary file modification and gaining root privileges on the system.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-46748",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T16:05:10.509102Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T16:06:36.328Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEC INS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.0 SP2 Update 6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC INS (All versions \u003c V1.0 SP2 Update 6). The affected system includes a binary that is configured with the cap_dac_override capability. This capability allows the process to bypass file system permission checks, resulting in unrestricted file system access. This could allow a local attacker to escalate privileges leading to arbitrary file modification and gaining root privileges on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250: Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T08:46:55.902Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-860189.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2026-46748",
"datePublished": "2026-06-09T08:46:55.902Z",
"dateReserved": "2026-05-18T09:37:25.766Z",
"dateUpdated": "2026-06-09T16:06:36.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-46747 (GCVE-0-2026-46747)
Vulnerability from cvelistv5 – Published: 2026-06-09 08:46 – Updated: 2026-06-09 14:37
VLAI
EPSS
VEX
Summary
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application does not properly sanitize path input in the `GET /api/sftp/uploadFiles` endpoint used for directory listing. This allows path traversal through crafted input, enabling access to unintended file system locations.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-26 - Path Traversal: '/dir/../filename'
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-46747",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T14:37:00.719840Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T14:37:31.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEC INS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.0 SP2 Update 6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC INS (All versions \u003c V1.0 SP2 Update 6). The affected application does not properly sanitize path input in the `GET /api/sftp/uploadFiles` endpoint used for directory listing. This allows path traversal through crafted input, enabling access to unintended file system locations."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-26",
"description": "CWE-26: Path Traversal: \u0027/dir/../filename\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T08:46:54.724Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-860189.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2026-46747",
"datePublished": "2026-06-09T08:46:54.724Z",
"dateReserved": "2026-05-18T09:37:25.766Z",
"dateUpdated": "2026-06-09T14:37:31.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-46746 (GCVE-0-2026-46746)
Vulnerability from cvelistv5 – Published: 2026-06-09 08:46 – Updated: 2026-06-09 15:12
VLAI
EPSS
VEX
Summary
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The application does not properly sanitize user input in the /api/sftp/uploadFiles endpoint, allowing the injection of shell command payloads via crafted directory names. These payloads are stored and executed when directory listings are retrieved. This could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system with the privileges of the affected service user (sinecins).
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-46746",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T15:12:03.665874Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T15:12:58.585Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEC INS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.0 SP2 Update 6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC INS (All versions \u003c V1.0 SP2 Update 6). The application does not properly sanitize user input in the /api/sftp/uploadFiles endpoint, allowing the injection of shell command payloads via crafted directory names. These payloads are stored and executed when directory listings are retrieved. This could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system with the privileges of the affected service user (sinecins)."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T08:46:53.639Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-860189.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2026-46746",
"datePublished": "2026-06-09T08:46:53.639Z",
"dateReserved": "2026-05-18T09:37:25.766Z",
"dateUpdated": "2026-06-09T15:12:58.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24349 (GCVE-0-2026-24349)
Vulnerability from cvelistv5 – Published: 2026-06-09 08:46 – Updated: 2026-06-09 12:54
VLAI
EPSS
VEX
Summary
A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 (All versions), SIMATIC WinCC Unified PC Runtime V17 (All versions), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions), SIMATIC WinCC Unified PC Runtime V20 (All versions), SIMATIC WinCC Unified PC Runtime V21 (All versions < V21 Update 2). Insufficient protection of key material in WinCC Certificate Manager that could allow an attacker to extract sensitive information.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-313 - Cleartext Storage in a File or on Disk
Assigner
References
1 reference
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | SIMATIC WinCC Unified PC Runtime V16 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC WinCC Unified PC Runtime V17 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC WinCC Unified PC Runtime V18 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC WinCC Unified PC Runtime V19 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC WinCC Unified PC Runtime V20 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC WinCC Unified PC Runtime V21 |
Affected:
0 , < V21 Update 2
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24349",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T12:54:10.341457Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T12:54:20.058Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC Unified PC Runtime V16",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC Unified PC Runtime V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC Unified PC Runtime V18",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC Unified PC Runtime V19",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC Unified PC Runtime V20",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC Unified PC Runtime V21",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V21 Update 2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 (All versions), SIMATIC WinCC Unified PC Runtime V17 (All versions), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions), SIMATIC WinCC Unified PC Runtime V20 (All versions), SIMATIC WinCC Unified PC Runtime V21 (All versions \u003c V21 Update 2). Insufficient protection of key material in WinCC Certificate Manager that could allow an attacker to extract sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-313",
"description": "CWE-313: Cleartext Storage in a File or on Disk",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T08:46:52.528Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-063511.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2026-24349",
"datePublished": "2026-06-09T08:46:52.528Z",
"dateReserved": "2026-01-22T13:21:49.113Z",
"dateUpdated": "2026-06-09T12:54:20.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40808 (GCVE-0-2025-40808)
Vulnerability from cvelistv5 – Published: 2026-06-09 08:46 – Updated: 2026-06-09 14:22
VLAI
EPSS
VEX
Summary
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MU85 (CP300) (All versions), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions), SIPROTEC 5 7ST86 (CP300) (All versions), SIPROTEC 5 7SX82 (CP150) (All versions), SIPROTEC 5 7SX85 (CP300) (All versions), SIPROTEC 5 7SY82 (CP150) (All versions), SIPROTEC 5 7UM85 (CP300) (All versions), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions), SIPROTEC 5 7VE85 (CP300) (All versions), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions), SIPROTEC 5 7VU85 (CP300) (All versions), SIPROTEC 5 Compact 7SX800 (CP050) (All versions). The affected application allows authenticated users to upload arbitrary files using DIGSI 5 protocol. This could allow an attacker to upload malicious configuration files, that could cause denial of service condition and potentially lead to code execution.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
Impacted products
61 products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40808",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T14:20:53.351500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T14:22:32.677Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 6MD84 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 6MD85 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 6MD85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 6MD86 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 6MD86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 6MD89 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 6MU85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7KE85 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7KE85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SA82 (CP100)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SA82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SA86 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SA86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SA87 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SA87 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SD82 (CP100)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SD82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SD86 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SD86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SD87 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SD87 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ81 (CP100)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ81 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ82 (CP100)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ85 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ86 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SK82 (CP100)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SK82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SK85 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SK85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SL82 (CP100)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SL82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SL86 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SL86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SL87 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SL87 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SS85 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SS85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7ST85 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7ST85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7ST86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SX82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SX85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SY82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UM85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UT82 (CP100)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UT82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UT85 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UT85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UT86 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UT86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UT87 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UT87 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7VE85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7VK87 (CP200)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7VK87 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7VU85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 Compact 7SX800 (CP050)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MU85 (CP300) (All versions), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions), SIPROTEC 5 7ST86 (CP300) (All versions), SIPROTEC 5 7SX82 (CP150) (All versions), SIPROTEC 5 7SX85 (CP300) (All versions), SIPROTEC 5 7SY82 (CP150) (All versions), SIPROTEC 5 7UM85 (CP300) (All versions), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions), SIPROTEC 5 7VE85 (CP300) (All versions), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions), SIPROTEC 5 7VU85 (CP300) (All versions), SIPROTEC 5 Compact 7SX800 (CP050) (All versions). The affected application allows authenticated users to upload arbitrary files using DIGSI 5 protocol. This could allow an attacker to upload malicious configuration files, that could cause denial of service condition and potentially lead to code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T08:46:49.158Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-139483.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-40808",
"datePublished": "2026-06-09T08:46:49.158Z",
"dateReserved": "2025-04-16T08:50:26.973Z",
"dateUpdated": "2026-06-09T14:22:32.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41918 (GCVE-0-2026-41918)
Vulnerability from cvelistv5 – Published: 2026-06-02 12:06 – Updated: 2026-06-02 14:13
VLAI
EPSS
VEX
Summary
A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V4.0). The affected applications stores sensitive information in the browser cache when an authenticated user modify specific configurations. This could allow an authenticated attacker to access sensitive data stored in the browser.
Severity
5.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-525 - Use of Web Browser Cache Containing Sensitive Information
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | RUGGEDCOM RST2428P |
Affected:
0 , < V4.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41918",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T14:13:46.231135Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T14:13:54.567Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions \u003c V4.0). The affected applications stores sensitive information in the browser cache when an authenticated user modify specific configurations. This could allow an authenticated attacker to access sensitive data stored in the browser."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-525",
"description": "CWE-525: Use of Web Browser Cache Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T12:06:50.291Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2026-41918",
"datePublished": "2026-06-02T12:06:50.291Z",
"dateReserved": "2026-04-22T15:48:53.605Z",
"dateUpdated": "2026-06-02T14:13:54.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42177 (GCVE-0-2026-42177)
Vulnerability from cvelistv5 – Published: 2026-05-12 17:11 – Updated: 2026-05-13 14:37
VLAI
EPSS
VEX
Title
linux-entra-sso: PRT SSO cookie can leak to attacker-controlled hosts when broad host permissions are granted
Summary
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO_URL + "/*", i.e. "https://login.microsoftonline.com/*". Chrome's urlFilter without a | or || anchor is substring-matched against the full request URL. The same applied rule action is modifyHeaders that attaches the Entra ID Primary Refresh Token cookie. The Firefox adapter in platform/firefox/js/platform-firefox.js:53 performs a belt-and-braces startsWith(Platform.SSO_URL) check before injecting the header; the Chrome adapter does not. When the extension holds broad host permissions through the optional_host_permissions: ["https://*/*"] declared in platform/chrome/manifest.json:34, a main-frame navigation to a URL whose path embeds https://login.microsoftonline.com/ causes Chrome to attach the PRT cookie to the request to the attacker-controlled host. This vulnerability is fixed in 1.8.1.
Severity
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/siemens/linux-entra-sso/securi… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | linux-entra-sso |
Affected:
< 1.8.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42177",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T14:35:33.712997Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T14:37:56.682Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"url": "https://github.com/siemens/linux-entra-sso/security/advisories/GHSA-52rj-42vh-2rxc"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "linux-entra-sso",
"vendor": "siemens",
"versions": [
{
"status": "affected",
"version": "\u003c 1.8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO_URL + \"/*\", i.e. \"https://login.microsoftonline.com/*\". Chrome\u0027s urlFilter without a | or || anchor is substring-matched against the full request URL. The same applied rule action is modifyHeaders that attaches the Entra ID Primary Refresh Token cookie. The Firefox adapter in platform/firefox/js/platform-firefox.js:53 performs a belt-and-braces startsWith(Platform.SSO_URL) check before injecting the header; the Chrome adapter does not. When the extension holds broad host permissions through the optional_host_permissions: [\"https://*/*\"] declared in platform/chrome/manifest.json:34, a main-frame navigation to a URL whose path embeds https://login.microsoftonline.com/ causes Chrome to attach the PRT cookie to the request to the attacker-controlled host. This vulnerability is fixed in 1.8.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-436",
"description": "CWE-436: Interpretation Conflict",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T17:11:36.050Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/siemens/linux-entra-sso/security/advisories/GHSA-52rj-42vh-2rxc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/siemens/linux-entra-sso/security/advisories/GHSA-52rj-42vh-2rxc"
}
],
"source": {
"advisory": "GHSA-52rj-42vh-2rxc",
"discovery": "UNKNOWN"
},
"title": "linux-entra-sso: PRT SSO cookie can leak to attacker-controlled hosts when broad host permissions are granted"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42177",
"datePublished": "2026-05-12T17:11:36.050Z",
"dateReserved": "2026-04-25T01:53:21.582Z",
"dateUpdated": "2026-05-13T14:37:56.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12659 (GCVE-0-2025-12659)
Vulnerability from cvelistv5 – Published: 2026-05-12 12:30 – Updated: 2026-06-09 09:02
VLAI
EPSS
VEX
Title
Heap-based buffer overflow in Siemens Simcenter Femap
Summary
Siemens Simcenter Femap contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based buffer overflow
Assigner
References
3 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | Simcenter Femap |
Affected:
0 , < V2512.0003
(custom)
Unaffected: V2512.0003 |
|
| Siemens | Simcenter Femap |
Affected:
0 , < V2512.0003
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12659",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-12T14:26:44.889744Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T14:27:57.384Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "Simcenter Femap",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2512.0003",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T09:02:02.324Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-870926.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Simcenter Femap",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2512.0003",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "V2512.0003"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Siemens thanks TrendAI Zero Day Initiative for coordinated disclosure"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Siemens Simcenter Femap\u0026nbsp;contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process.\u0026nbsp;"
}
],
"value": "Siemens Simcenter Femap\u00a0contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based buffer overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T20:22:03.369Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-870926.html"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-134-05"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-134-05.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eUpdate to V2512.0003 or later version\u003c/div\u003e\u003ca href=\"https://support.sw.siemens.com/product/275652363/\"\u003ehttps://support.sw.siemens.com/product/275652363/\u003c/a\u003e"
}
],
"value": "Update to V2512.0003 or later version\n\n https://support.sw.siemens.com/product/275652363/"
}
],
"source": {
"advisory": "ICSA-26-134-05, SSA-870926",
"discovery": "EXTERNAL"
},
"title": "Heap-based buffer overflow in Siemens Simcenter Femap",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-12659",
"datePublished": "2026-05-12T12:30:04.652Z",
"dateReserved": "2025-11-03T20:56:28.893Z",
"dateUpdated": "2026-06-09T09:02:02.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CERTFR-2026-AVI-0714
Vulnerability from certfr_avis - Published: 2026-06-09 - Updated: 2026-06-09
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | SCALANCE | SCALANCE X204RNA EEC (PRP) (6GK5204-0BS00-3LA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M PoE (230V, ports on front) (6GK5324-4QG00-3AR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR322-12 (6GK5334-3TS00-3AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M PoE (230V, ports on rear) (6GK5324-4QG10-3HR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SJ86 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA6) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M PoE (230V, ports on front) (6GK5324-4QG10-3AR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC WinCC Runtime Advanced V17 versions antérieures à 17.0.9 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-3ER2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-3JR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPLUS | SIPLUS NET SCALANCE X202-2P IRT (6AG1202-2BH00-2BA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC WinCC Unified PC Runtime V18 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2026-24349. | ||
| Siemens | SCALANCE | SCALANCE X302-7 EEC (24V) (6GK5302-7GD00-1EA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7KE85 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE X307-3LD (6GK5307-3BM10-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X304-2FE (6GK5304-2BD00-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC RTLS Locating Manager (6GT2780-1EA30) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 6MD86 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SIPROTEC | SIPROTEC 5 7UT86 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE X302-7 EEC (2x 230V) (6GK5302-7GD00-4EA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 6MU85 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE X204-2FM (6GK5204-2BB11-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SA82 (CP100) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SK85 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X307-3LD (6GK5307-3BM00-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC Comfort/Mobile RT toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE M804PB (6GK5804-0AP00-2AA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SJ85 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG00-3HR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SL87 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE X310 (6GK5310-0FA00-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR326-8 (6GK5334-2TS00-4AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE SC646-2C (6GK5646-2GS00-2AC2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC HMI Comfort Panels versions antérieures à 17.0.9 | ||
| Siemens | SCALANCE | SCALANCE X216 (6GK5216-0BA00-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X208 (6GK5208-0BA10-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X206-1LD (6GK5206-1BC10-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC WinCC Unified PC Runtime V17 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2026-24349. | ||
| Siemens | SCALANCE | SCALANCE XR526-8 (6GK5534-2TR00-3AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SX85 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE XC424-4 (6GK5428-4TR00-2AC2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X308-2LD (6GK5308-2FM10-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X204-2LD (6GK5204-2BC10-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC MV530 S (6GF3530-0CD10) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SJ85 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SS85 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 6MD89 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SD87 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE X206-1 (6GK5206-1BB10-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC WinCC Unified PC Runtime V19 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2026-24349. | ||
| Siemens | SCALANCE | SCALANCE X308-2LH+ (6GK5308-2FP00-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X307-2 EEC (24V, coated) (6GK5307-2FD00-1GA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC MV540 S (6GF3540-0CD10) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC IPC ORCLA toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X310FE (6GK5310-0BA00-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X307-2 EEC (24V) (6GK5307-2FD00-1EA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X307-2 EEC (2x 230V) (6GK5307-2FD00-4EA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC IPC BX-21A toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC MV540 H (6GF3540-0GE10) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X408-2 (6GK5408-2FD00-2AA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC WinCC Unified PC Runtime V20 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2026-24349. | ||
| Siemens | SCALANCE | SCALANCE M874-3 (6GK5874-3AA00-2AA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC WinCC OA V3.21 versions antérieures à 3.21.02 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG10-2JR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X308-2M TS (6GK5308-2GG10-2CA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X302-7 EEC (230V) (6GK5302-7GD00-3EA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X202-2P IRT PRO (6GK5202-2JR10-2BA6) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR502-32 (6GK5534-5TR00-4AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X310FE (6GK5310-0BA10-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M PoE (230V, ports on rear) (6GK5324-4QG00-3HR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SA87 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE MUB852-1 (B1) (6GK5852-1EA10-1BA1) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X204-2 (6GK5204-2BB10-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SL87 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X308-2M TS (6GK5308-2GG00-2CA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR322-12 (6GK5334-3TS00-4AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR522-12 (6GK5534-3TR00-4AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR524-8WG (6GK5532-2SR00-3AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC MV530 H (6GF3530-0GE10) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X204IRT (6GK5204-0BA10-2BA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC RTLS Locating Manager (6GT2780-0DA30) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE M874-2 (6GK5874-2AA00-2AA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X204RNA (HSR) (6GK5204-0BA00-2MB2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC WinCC Unified PC Runtime V21 versions antérieures à 21.0.2 | ||
| Siemens | SCALANCE | SCALANCE XF206-1 (6GK5206-1BC00-2AF2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X307-2 EEC (230V) (6GK5307-2FD00-3EA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC RTLS Locating Manager (6GT2780-0DA10) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC STEP 7 V5 versions antérieures à 5.7.4 | ||
| Siemens | SCALANCE | SCALANCE X308-2M PoE (6GK5308-2QG00-2AA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SL82 (CP100) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X307-2 EEC (2x 230V, coated) (6GK5307-2FD00-4GA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SD86 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE SC632-2C (6GK5632-2GS00-2AC2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-4ER2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7VE85 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE MUB852-1 (A1) (6GK5852-1EA10-1AA1) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SA86 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE XC324-4 (6GK5328-4TS00-2AC2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7UM85 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SJ82 (CP150) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X308-2LH (6GK5308-2FN00-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR526-8 (6GK5534-2TR00-4AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7VU85 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X200-4P IRT (6GK5200-4AH10-2BA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC IPC MD-57A toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC WinCC V8.0 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-15467. | ||
| Siemens | SCALANCE | SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG00-2ER2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X302-7 EEC (24V, coated) (6GK5302-7GD00-1GA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X204-2TS (6GK5204-2BB10-2CA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7ST85 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE XC316-8 (6GK5324-8TS00-2AC2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE M876-4 (6GK5876-4AA10-2BA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC WinCC Unified Sequence versions antérieures à 21 | ||
| Siemens | SCALANCE | SCALANCE XR302-32 (6GK5334-5TS00-4AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR326-8 (6GK5334-2TS00-3AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC RTLS Locating Manager (6GT2780-1EA20) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SJ82 (CP100) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SIMATIC | SIMATIC MV560 X (6GF3560-0HE10) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG00-1ER2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR302-32 (6GK5334-5TS00-2AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X204IRT (6GK5204-0BA00-2BA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X308-2LH+ (6GK5308-2FP10-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC WinCC OA V3.20 versions antérieures à 3.20.012 | ||
| Siemens | SCALANCE | SCALANCE XR526-8 (6GK5534-2TR00-2AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X302-7 EEC (2x 230V, coated) (6GK5302-7GD00-4GA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE SC622-2C (6GK5622-2GS00-2AC2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X307-3 (6GK5307-3BL00-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7KE85 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SJ81 (CP150) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SD87 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X307-2 EEC (2x 24V) (6GK5307-2FD00-2EA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR522-12 (6GK5534-3TR00-2AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SY82 (CP150) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SK82 (CP100) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE XF201-3P IRT (6GK5201-3BH00-2BD2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7UT87 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE X306-1LD FE (6GK5306-1BF00-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X302-7 EEC (2x 24V) (6GK5302-7GD00-2EA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XF204 (6GK5204-0BA00-2AF2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X204IRT PRO (6GK5204-0JA00-2BA6) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X308-2 (6GK5308-2FL00-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 6MD84 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE X204RNA EEC (HSR) (6GK5204-0BS00-2NA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SK85 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE XR324-4M PoE TS (24V, ports on front) (6GK5324-4QG00-1CR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X202-2IRT (6GK5202-2BB00-2BA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X212-2LD (6GK5212-2BC00-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE M816-1 ADSL-Router family toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7UT87 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SIPROTEC | SIPROTEC 5 6MD86 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SIMATIC | SIMATIC MV540 H CRANES (6GF3540-0GE30) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG10-1AR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SL82 (CP150) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M PoE TS (24V, ports on front) (6GK5324-4QG10-1CR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-12M TS (24V) (6GK5324-0GG00-1CR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SL86 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE X202-2P IRT (6GK5202-2BH10-2BA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG00-1HR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X308-2LH (6GK5308-2FN10-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG10-1JR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-4JR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC WinCC OA V3.19 versions antérieures à 3.19.024 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SL86 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE X201-3P IRT (6GK5201-3BH10-2BA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR322-12 (6GK5334-3TS00-2AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 6MD85 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SIMATIC | SIMATIC MV560 U (6GF3560-0LE10) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SA82 (CP150) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SIMATIC | SIMATIC WinCC Unified PC Runtime V16 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2026-24349. | ||
| Siemens | SCALANCE | SCALANCE M812-1 ADSL-Router family toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7VK87 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE X204-2LD TS (6GK5204-2BC10-2CA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 Compact 7SX800 (CP050) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M PoE (24V, ports on rear) (6GK5324-4QG00-1HR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XF204-2 (6GK5204-2BC00-2AF2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7UT82 (CP100) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE XR324-4M PoE (24V, ports on rear) (6GK5324-4QG10-1HR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X308-2M PoE (6GK5308-2QG10-2AA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC WinCC V7.5 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-15467. | ||
| Siemens | SIMATIC | SIMATIC RTLS Locating Manager (6GT2780-0DA00) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC IOT2050 (6ES7647-0BA00-1YA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7UT82 (CP150) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7ST85 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE X307-3 (6GK5307-3BL10-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR524-8WG (6GK5532-2SR00-2RR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC PDM V9.3 toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE M876-3 (6GK5876-3AA02-2BA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC MV550 H (6GF3550-0GE10) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X320-1 FE (6GK5320-1BD00-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XF204IRT (6GK5204-0BA10-2BF2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR524-8WG (6GK5532-2SR00-3RR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC RTLS Locating Manager (6GT2780-0DA20) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7VK87 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE X212-2 (6GK5212-2BB00-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC Target toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-3ER2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XF208 (6GK5208-0BA00-2AF2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG10-1HR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X302-7 EEC (2x 24V, coated) (6GK5302-7GD00-2GA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC MV550 S (6GF3550-0CD10) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC HMI Mobile Panels versions antérieures à 17.0.9 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7UT85 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SIMATIC | SIMATIC RTLS Locating Manager (6GT2780-1EA10) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-4JR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 6MD85 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG10-2ER2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SJ81 (CP100) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE XR324-4M PoE (24V, ports on front) (6GK5324-4QG00-1AR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7UT86 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE XC332 (6GK5332-0GA00-2AC2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE SC642-2C (6GK5642-2GS00-2AC2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG00-3AR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE SC626-2C (6GK5626-2GS00-2AC2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X204RNA EEC (PRP/HSR) (6GK5204-0BS00-3PA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-4ER2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE LPE9413 (6GK5998-3GS01-2AC2) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-15467. | ||
| Siemens | SCALANCE | SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SA87 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE X224 (6GK5224-0BA00-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7ST86 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SIMATIC | SIMATIC HMI Basic Panels versions antérieures à 17.0.9 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SD86 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE XC416-8 (6GK5424-8TR00-2AC2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SK82 (CP150) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG00-1AR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X308-2LD (6GK5308-2FM00-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG00-2JR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7UT85 (CP200) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SCALANCE | SCALANCE X307-2 EEC (230V, coated) (6GK5307-2FD00-3GA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SD82 (CP100) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-40808. | ||
| Siemens | SIPLUS | SIPLUS NET SCALANCE X308-2 (6AG1308-2FL10-4AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XF204-2BA IRT (6GK5204-2AA00-2BD2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR302-32 (6GK5334-5TS00-3AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X320-1-2LD FE (6GK5320-3BF00-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SA86 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG10-1ER2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR524-8WG (6GK5532-2SR00-2AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SD82 (CP150) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SX82 (CP150) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE XR502-32 (6GK5534-5TR00-3AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XF204IRT (6GK5204-0BA00-2BF2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SS85 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE LPE9433 (6GK5998-3GS11-2AC2) toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-15467. | ||
| Siemens | SIMATIC | SIMATIC eaSie Core Package (6DL5424-0AX00-0AV8) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR324-4M PoE (24V, ports on front) (6GK5324-4QG10-1AR2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIMATIC | SIMATIC WinCC V8.1 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-15467. | ||
| Siemens | SCALANCE | SCALANCE X201-3P IRT PRO (6GK5201-3JR10-2BA6) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X308-2M (6GK5308-2GG10-2AA2) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE XR502-32 (6GK5534-5TR00-2AR3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X204IRT PRO (6GK5204-0JA10-2BA6) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X202-2IRT (6GK5202-2BB10-2BA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SCALANCE | SCALANCE X308-2 (6GK5308-2FL10-2AA3) toutes versions pour la vulnérabilité CVE-2025-15467 | ||
| Siemens | SIPROTEC | SIPROTEC 5 7SJ86 (CP300) toutes versions pour la vulnérabilité CVE-2025-40808 | ||
| Siemens | SCALANCE | SCALANCE SC636-2C (6GK5636-2GS00-2AC2) toutes versions pour la vulnérabilité CVE-2025-15467 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SCALANCE X204RNA EEC (PRP) (6GK5204-0BS00-3LA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M PoE (230V, ports on front) (6GK5324-4QG00-3AR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR322-12 (6GK5334-3TS00-3AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M PoE (230V, ports on rear) (6GK5324-4QG10-3HR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SJ86 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA6) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M PoE (230V, ports on front) (6GK5324-4QG10-3AR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Advanced V17 versions ant\u00e9rieures \u00e0 17.0.9",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-3ER2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-3JR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS NET SCALANCE X202-2P IRT (6AG1202-2BH00-2BA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIPLUS",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified PC Runtime V18 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2026-24349.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X302-7 EEC (24V) (6GK5302-7GD00-1EA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7KE85 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X307-3LD (6GK5307-3BM10-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X304-2FE (6GK5304-2BD00-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RTLS Locating Manager (6GT2780-1EA30) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 6MD86 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7UT86 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X302-7 EEC (2x 230V) (6GK5302-7GD00-4EA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 6MU85 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204-2FM (6GK5204-2BB11-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SA82 (CP100) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SK85 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X307-3LD (6GK5307-3BM00-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Comfort/Mobile RT toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M804PB (6GK5804-0AP00-2AA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SJ85 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG00-3HR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SL87 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X310 (6GK5310-0FA00-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR326-8 (6GK5334-2TS00-4AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC646-2C (6GK5646-2GS00-2AC2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI Comfort Panels versions ant\u00e9rieures \u00e0 17.0.9",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X216 (6GK5216-0BA00-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X208 (6GK5208-0BA10-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X206-1LD (6GK5206-1BC10-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified PC Runtime V17 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2026-24349.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR526-8 (6GK5534-2TR00-3AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SX85 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC424-4 (6GK5428-4TR00-2AC2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X308-2LD (6GK5308-2FM10-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204-2LD (6GK5204-2BC10-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV530 S (6GF3530-0CD10) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SJ85 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SS85 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 6MD89 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SD87 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X206-1 (6GK5206-1BB10-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified PC Runtime V19 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2026-24349.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X308-2LH+ (6GK5308-2FP00-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X307-2 EEC (24V, coated) (6GK5307-2FD00-1GA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV540 S (6GF3540-0CD10) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC ORCLA toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X310FE (6GK5310-0BA00-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X307-2 EEC (24V) (6GK5307-2FD00-1EA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X307-2 EEC (2x 230V) (6GK5307-2FD00-4EA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC BX-21A toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV540 H (6GF3540-0GE10) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X408-2 (6GK5408-2FD00-2AA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified PC Runtime V20 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2026-24349.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M874-3 (6GK5874-3AA00-2AA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA V3.21 versions ant\u00e9rieures \u00e0 3.21.02",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG10-2JR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X308-2M TS (6GK5308-2GG10-2CA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X302-7 EEC (230V) (6GK5302-7GD00-3EA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X202-2P IRT PRO (6GK5202-2JR10-2BA6) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR502-32 (6GK5534-5TR00-4AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X310FE (6GK5310-0BA10-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M PoE (230V, ports on rear) (6GK5324-4QG00-3HR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SA87 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUB852-1 (B1) (6GK5852-1EA10-1BA1) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204-2 (6GK5204-2BB10-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SL87 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X308-2M TS (6GK5308-2GG00-2CA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR322-12 (6GK5334-3TS00-4AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR522-12 (6GK5534-3TR00-4AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR524-8WG (6GK5532-2SR00-3AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV530 H (6GF3530-0GE10) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204IRT (6GK5204-0BA10-2BA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RTLS Locating Manager (6GT2780-0DA30) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M874-2 (6GK5874-2AA00-2AA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204RNA (HSR) (6GK5204-0BA00-2MB2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified PC Runtime V21 versions ant\u00e9rieures \u00e0 21.0.2",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF206-1 (6GK5206-1BC00-2AF2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X307-2 EEC (230V) (6GK5307-2FD00-3EA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RTLS Locating Manager (6GT2780-0DA10) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 V5 versions ant\u00e9rieures \u00e0 5.7.4",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X308-2M PoE (6GK5308-2QG00-2AA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SL82 (CP100) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X307-2 EEC (2x 230V, coated) (6GK5307-2FD00-4GA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SD86 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC632-2C (6GK5632-2GS00-2AC2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-4ER2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7VE85 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUB852-1 (A1) (6GK5852-1EA10-1AA1) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SA86 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC324-4 (6GK5328-4TS00-2AC2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7UM85 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SJ82 (CP150) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X308-2LH (6GK5308-2FN00-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR526-8 (6GK5534-2TR00-4AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7VU85 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X200-4P IRT (6GK5200-4AH10-2BA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC MD-57A toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V8.0 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG00-2ER2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X302-7 EEC (24V, coated) (6GK5302-7GD00-1GA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204-2TS (6GK5204-2BB10-2CA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7ST85 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC316-8 (6GK5324-8TS00-2AC2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-4 (6GK5876-4AA10-2BA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified Sequence versions ant\u00e9rieures \u00e0 21",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR302-32 (6GK5334-5TS00-4AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR326-8 (6GK5334-2TS00-3AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RTLS Locating Manager (6GT2780-1EA20) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SJ82 (CP100) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV560 X (6GF3560-0HE10) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG00-1ER2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR302-32 (6GK5334-5TS00-2AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204IRT (6GK5204-0BA00-2BA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X308-2LH+ (6GK5308-2FP10-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA V3.20 versions ant\u00e9rieures \u00e0 3.20.012",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR526-8 (6GK5534-2TR00-2AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X302-7 EEC (2x 230V, coated) (6GK5302-7GD00-4GA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC622-2C (6GK5622-2GS00-2AC2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X307-3 (6GK5307-3BL00-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7KE85 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SJ81 (CP150) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SD87 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X307-2 EEC (2x 24V) (6GK5307-2FD00-2EA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR522-12 (6GK5534-3TR00-2AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SY82 (CP150) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SK82 (CP100) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF201-3P IRT (6GK5201-3BH00-2BD2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7UT87 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X306-1LD FE (6GK5306-1BF00-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X302-7 EEC (2x 24V) (6GK5302-7GD00-2EA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF204 (6GK5204-0BA00-2AF2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204IRT PRO (6GK5204-0JA00-2BA6) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X308-2 (6GK5308-2FL00-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 6MD84 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204RNA EEC (HSR) (6GK5204-0BS00-2NA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SK85 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M PoE TS (24V, ports on front) (6GK5324-4QG00-1CR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X202-2IRT (6GK5202-2BB00-2BA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X212-2LD (6GK5212-2BC00-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M816-1 ADSL-Router family toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7UT87 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 6MD86 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV540 H CRANES (6GF3540-0GE30) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG10-1AR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SL82 (CP150) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M PoE TS (24V, ports on front) (6GK5324-4QG10-1CR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-12M TS (24V) (6GK5324-0GG00-1CR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SL86 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X202-2P IRT (6GK5202-2BH10-2BA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG00-1HR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X308-2LH (6GK5308-2FN10-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG10-1JR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-4JR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA V3.19 versions ant\u00e9rieures \u00e0 3.19.024",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SL86 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X201-3P IRT (6GK5201-3BH10-2BA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR322-12 (6GK5334-3TS00-2AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 6MD85 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV560 U (6GF3560-0LE10) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SA82 (CP150) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Unified PC Runtime V16 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2026-24349.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M812-1 ADSL-Router family toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7VK87 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204-2LD TS (6GK5204-2BC10-2CA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 Compact 7SX800 (CP050) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M PoE (24V, ports on rear) (6GK5324-4QG00-1HR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF204-2 (6GK5204-2BC00-2AF2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7UT82 (CP100) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M PoE (24V, ports on rear) (6GK5324-4QG10-1HR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X308-2M PoE (6GK5308-2QG10-2AA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.5 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RTLS Locating Manager (6GT2780-0DA00) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IOT2050 (6ES7647-0BA00-1YA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7UT82 (CP150) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7ST85 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X307-3 (6GK5307-3BL10-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR524-8WG (6GK5532-2SR00-2RR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PDM V9.3 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-3 (6GK5876-3AA02-2BA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV550 H (6GF3550-0GE10) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X320-1 FE (6GK5320-1BD00-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF204IRT (6GK5204-0BA10-2BF2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR524-8WG (6GK5532-2SR00-3RR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RTLS Locating Manager (6GT2780-0DA20) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7VK87 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X212-2 (6GK5212-2BB00-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Target toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-3ER2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF208 (6GK5208-0BA00-2AF2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG10-1HR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X302-7 EEC (2x 24V, coated) (6GK5302-7GD00-2GA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV550 S (6GF3550-0CD10) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI Mobile Panels versions ant\u00e9rieures \u00e0 17.0.9",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7UT85 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RTLS Locating Manager (6GT2780-1EA10) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-4JR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 6MD85 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG10-2ER2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SJ81 (CP100) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M PoE (24V, ports on front) (6GK5324-4QG00-1AR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7UT86 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC332 (6GK5332-0GA00-2AC2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC642-2C (6GK5642-2GS00-2AC2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG00-3AR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC626-2C (6GK5626-2GS00-2AC2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204RNA EEC (PRP/HSR) (6GK5204-0BS00-3PA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-4ER2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE LPE9413 (6GK5998-3GS01-2AC2) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467.",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SA87 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X224 (6GK5224-0BA00-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7ST86 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI Basic Panels versions ant\u00e9rieures \u00e0 17.0.9",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SD86 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XC416-8 (6GK5424-8TR00-2AC2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SK82 (CP150) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG00-1AR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X308-2LD (6GK5308-2FM00-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG00-2JR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7UT85 (CP200) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X307-2 EEC (230V, coated) (6GK5307-2FD00-3GA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SD82 (CP100) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808.",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS NET SCALANCE X308-2 (6AG1308-2FL10-4AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIPLUS",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF204-2BA IRT (6GK5204-2AA00-2BD2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR302-32 (6GK5334-5TS00-3AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X320-1-2LD FE (6GK5320-3BF00-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SA86 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG10-1ER2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR524-8WG (6GK5532-2SR00-2AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SD82 (CP150) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SX82 (CP150) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR502-32 (6GK5534-5TR00-3AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF204IRT (6GK5204-0BA00-2BF2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SS85 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE LPE9433 (6GK5998-3GS11-2AC2) toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467.",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC eaSie Core Package (6DL5424-0AX00-0AV8) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M PoE (24V, ports on front) (6GK5324-4QG10-1AR2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V8.1 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467.",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X201-3P IRT PRO (6GK5201-3JR10-2BA6) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X308-2M (6GK5308-2GG10-2AA2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR502-32 (6GK5534-5TR00-2AR3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204IRT PRO (6GK5204-0JA10-2BA6) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X202-2IRT (6GK5202-2BB10-2BA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X308-2 (6GK5308-2FL10-2AA3) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 7SJ86 (CP300) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40808",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC636-2C (6GK5636-2GS00-2AC2) toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-15467",
"product": {
"name": "SCALANCE",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"name": "CVE-2026-24349",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24349"
},
{
"name": "CVE-2025-40808",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40808"
}
],
"initial_release_date": "2026-06-09T00:00:00",
"last_revision_date": "2026-06-09T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0714",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-06-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Siemens. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": "2026-06-09",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-139483",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-139483.html"
},
{
"published_at": "2026-06-09",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-063511",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-063511.html"
},
{
"published_at": "2026-06-09",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-434797",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-434797.html"
}
]
}