Latest Intelligence
Siemens SIRIUS 3SK2 Safety Relays and 3RK3 Modular Safety Systems
Siemens SIRIUS 3SK2 Safety Relays and 3RK3 Modular Safety Systems have multiple vulnerabilities that could allow attackers to exploit weak cryptographic algorithms and access sensitive information. The vulnerabilities pose significant risks, including the potential retrieval of safety passwords and eavesdropping on connections.
Siemens SCALANCE LPE9403
The Siemens SCALANCE LPE9403 has multiple vulnerabilities that could compromise the confidentiality, integrity, and availability of affected devices. These vulnerabilities, including incorrect permission assignments and various forms of injection attacks, pose significant security risks, especially since they can be exploited by local attackers with low complexity.
Siemens SIMATIC PCS neo
The Siemens SIMATIC PCS neo has a significant vulnerability related to insufficient session expiration, allowing remote attackers to reuse legitimate user sessions after logout. This issue affects multiple versions of the software and poses a risk to critical manufacturing sectors globally.
Siemens User Management Component (UMC)
The Siemens User Management Component (UMC) has several vulnerabilities that could allow unauthenticated remote attackers to cause denial-of-service conditions. These vulnerabilities affect multiple Siemens products, and users are advised to implement specific mitigations and updates to reduce risks.
Siemens INTRALOG WMS
The article discusses multiple vulnerabilities in Siemens INTRALOG WMS, all versions prior to v5, which could allow attackers to bypass security features, cause denial-of-service conditions, or execute arbitrary code. Siemens has released a new version to address these vulnerabilities, emphasizing the importance of updating and securing network access.
Siemens RUGGEDCOM APE1808 Devices
Siemens RUGGEDCOM APE1808 devices are vulnerable to two significant issues: insufficiently protected credentials and an out-of-bounds write, which could allow attackers to retrieve LDAP credentials or trigger a denial-of-service condition. Successful exploitation could have serious implications for critical manufacturing sectors worldwide.
Siemens Teamcenter Visualization
Siemens Teamcenter Visualization has a critical vulnerability, categorized as an out-of-bounds read, which could allow attackers to execute code in the context of the current process. The vulnerability affects multiple versions of the software, and while there is no known public exploitation reported, users are advised to take defensive measures.
Siemens SIPROTEC and SICAM
A critical vulnerability has been identified in Siemens' SIPROTEC and SICAM products, allowing attackers to gain unauthorized network access without valid credentials. This issue, linked to improper message integrity enforcement in RADIUS communications, poses significant risks to critical infrastructure sectors worldwide.
Siemens BACnet ATEC Devices
Siemens BACnet ATEC devices are vulnerable to an improper input validation issue that could allow an attacker on the same network to trigger a denial of service condition. This vulnerability, identified as CVE-2025-40556, poses a significant risk as it requires a power cycle to restore normal operation and has been assigned a CVSS v4 score of 7.1.
Siemens VersiCharge AC Series EV Chargers
Siemens VersiCharge AC Series EV Chargers have been identified with critical vulnerabilities that could allow attackers to gain control over the chargers or execute arbitrary code. The vulnerabilities stem from a missing immutable root of trust in hardware and insecure default initialization, posing significant security risks.
Siemens Desigo
A critical vulnerability in Siemens Desigo CC allows unauthenticated remote attackers to execute arbitrary SQL queries on the server database. This issue poses significant risks, particularly in commercial and critical manufacturing sectors, and requires immediate attention to mitigate potential exploitation.
Siemens IPC RS-828A
The Siemens IPC RS-828A has a critical vulnerability allowing authentication bypass via spoofing, which could lead to unauthorized access and compromise system integrity. This issue, assigned CVE-2024-54085, poses significant risks to various critical infrastructure sectors worldwide.
Siemens OZW Web Servers
Siemens OZW Web Servers have critical vulnerabilities related to OS command injection and SQL injection, which could allow unauthorized remote access and execution of arbitrary code with root privileges. These vulnerabilities pose significant risks to critical manufacturing sectors worldwide, necessitating immediate attention and remediation.
Pen Testing for Compliance Only? It's Time to Change Your Approach
The article emphasizes the risks of relying solely on annual penetration testing for compliance, highlighting that vulnerabilities can be introduced during routine updates and exploited before the next test cycle. This underscores the need for continuous security practices rather than a one-time compliance check.
Chinese Hackers Hit Drone Sector in Supply Chain Attacks
The China-linked hacking group Earth Ammit has conducted multi-wave supply chain attacks targeting the drone sector in Taiwan and South Korea. This disruption highlights the growing threat to critical technology sectors from state-sponsored cyber activities.