News & Updates

Siemens RUGGEDCOM ROX II

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

1. EXECUTIVE SUMMARY

  • CVSS v4 5.1
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Siemens
  • Equipment: RUGGEDCOM ROX II Family
  • Vulnerability: Unrestricted Upload of File with Dangerous Type

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker with a legitimate, highly privileged account on the web interface to upload arbitrary files onto the filesystem of the devices.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Siemens reports the following products are affected:

  • Siemens RUGGEDCOM ROX MX5000: All versions
  • Siemens RUGGEDCOM ROX RX1536: All versions
  • Siemens RUGGEDCOM ROX RX5000: All versions
  • Siemens RUGGEDCOM ROX MX5000RE: All versions
  • Siemens RUGGEDCOM ROX RX1400: All versions
  • Siemens RUGGEDCOM ROX RX1500: All versions
  • Siemens RUGGEDCOM ROX RX1501: All versions
  • Siemens RUGGEDCOM ROX RX1510: All versions
  • Siemens RUGGEDCOM ROX RX1511: All versions
  • Siemens RUGGEDCOM ROX RX1512: All versions
  • Siemens RUGGEDCOM ROX RX1524: All versions

3.2 VULNERABILITY OVERVIEW

3.2.1 UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434

The affected devices do not properly enforce the restriction of files that can be uploaded from the web interface. This could allow an authenticated remote attacker with high privileges in the web interface to upload arbitrary files.

CVE-2025-33023 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N).

A CVSS v4 score has also been calculated for CVE-2025-33023. A base score of 5.1 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

Trae Mazza and Zachary Levine of RMC Global coordinated this vulnerability with Siemens.

Siemens ProductCERT reported this vulnerability to CISA.

4. MITIGATIONS

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • All affected products: Currently no fix is available
  • All affected products: Restrict highly privileged access to the web interface to authorized and trusted personnel only

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

For more information see the associated Siemens security advisory SSA-665108 in HTML and CSAF.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY

  • August 14, 2025: Initial Republication of Siemens ProductCERT SSA-665108

Rockwell Automation Studio 5000 Logix Designer

1. EXECUTIVE SUMMARY

  • CVSS v4 7.3
  • ATTENTION: Exploitable from a local network
  • Vendor: Rockwell Automation
  • Equipment: Studio 5000 Logix Designer
  • Vulnerability: Improper Input Validation

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to crash the device or execute malicious code.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Studio 5000 Logix Designer, a centralized control system management software, are affected:

  • Studio 5000 Logix Designer: Version 36.00.02 to 37.00.02

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER INPUT VALIDATION CWE-20

A security issue exists within Studio 5000 Logix Designer due to unsafe handling of environment variables. If the specified path lacks a valid file, Logix Designer crashes; however, it may be possible to execute malicious code without triggering a crash.

CVE-2025-7971 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-7971. A base score of 7.3 has been calculated; the CVSS vector string is (AV:L/AC:H/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Chemical, Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: United States

3.4 RESEARCHER

Rockwell Automation reported this vulnerability to CISA.

4. MITIGATIONS

Rockwell Automation recommends that users update to version 37.00.02 or later if possible. If users of the affected software are unable to upgrade the version, security best practices should be applied.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely. This vulnerability has a high attack complexity.

5. UPDATE HISTORY

  • August 14, 2025: Initial Republication

Siemens SIMOTION SCOUT, SIMOTION SCOUT TIA, and SINAMICS STARTER

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

1. EXECUTIVE SUMMARY

  • CVSS v4 6.8
  • ATTENTION: Low Attack Complexity
  • Vendor: Siemens
  • Equipment: SIMOTION SCOUT, SIMOTION SCOUT TIA, SINAMICS STARTER
  • Vulnerability: Improper Restriction of XML External Entity Reference

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to access arbitrary application files.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Siemens reports that the following products are affected:

  • SIMOTION SCOUT TIA V5.4: All versions
  • SINAMICS STARTER V5.6: All versions
  • SINAMICS STARTER V5.7: All versions
  • SIMOTION SCOUT TIA V5.5: All versions
  • SIMOTION SCOUT TIA V5.6: Versions prior to V5.6 SP1 HF7
  • SIMOTION SCOUT TIA V5.7: Versions prior to V5.7 SP1 HF1
  • SIMOTION SCOUT V5.4: All versions
  • SIMOTION SCOUT V5.5: All versions
  • SIMOTION SCOUT V5.6: Versions prior to V5.6 SP1 HF7
  • SIMOTION SCOUT V5.7: Versions prior to V5.7 SP1 HF1
  • SINAMICS STARTER V5.5: All versions

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611

The affected application contains an XML External Entity Injection (XXE) vulnerability while parsing specially crafted XML files. This could allow an attacker to read arbitrary files in the system.

CVE-2025-40584 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2025-40584. A base score of 6.8 has been calculated; the CVSS vector string is (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

Michael Heinzl reported this vulnerability to Siemens.

4. MITIGATIONS

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • Do not open untrusted XML files in affected applications
  • SIMOTION SCOUT V5.4, SIMOTION SCOUT V5.5, SINAMICS STARTER V5.5, SINAMICS STARTER V5.6: Currently no fix is planned
  • SIMOTION SCOUT TIA V5.4, SIMOTION SCOUT TIA V5.5, SINAMICS STARTER V5.7: Currently no fix is available
  • SIMOTION SCOUT TIA V5.6, SIMOTION SCOUT V5.6: Update to V5.6 SP1 HF7 or later version
  • SIMOTION SCOUT TIA V5.7, SIMOTION SCOUT V5.7: Update to V5.7 SP1 HF1 or later version
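
One way to screen an XML file before opening it in an affected application, as an added example (not code from Siemens or CISA). It reports DTD and entity declarations without resolving them; the sample documents and the strict "no DTD at all" policy are assumptions.

```python
from xml.parsers import expat

# Constructed sample inputs (not real project files).
BENIGN = b'<?xml version="1.0"?><project><axis name="X1"/></project>'
WITH_EXTERNAL = (b'<?xml version="1.0"?>'
                 b'<!DOCTYPE project [<!ENTITY cfg SYSTEM "file:///constructed/example.txt">]>'
                 b'<project>&cfg;</project>')


def screen_xml(data: bytes) -> dict:
    """Report DTD and entity declarations in an XML document without resolving them."""
    report = {"doctype": False, "internal_entities": [],
              "external_entities": [], "parse_error": None}
    parser = expat.ParserCreate()
    # Never read external parameter entities or an external DTD subset.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, system_id, public_id, has_internal_subset):
        report["doctype"] = True
        if system_id or public_id:
            report["external_entities"].append(("(external DTD)", system_id or public_id))

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        if value is None:
            # Declared with SYSTEM/PUBLIC: the content lives outside this file.
            report["external_entities"].append((name, system_id or public_id))
        else:
            report["internal_entities"].append(name)

    def on_external_ref(context, base, system_id, public_id):
        return 1  # acknowledge the reference, fetch nothing

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        report["parse_error"] = str(exc)
    return report


def safe_to_open(report: dict) -> bool:
    # Assumed policy: a project file needs no DTD, so any DOCTYPE, entity
    # declaration or parse failure sends the file to manual review instead.
    return not (report["doctype"] or report["internal_entities"]
                or report["external_entities"] or report["parse_error"])


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("external entity", WITH_EXTERNAL)):
        result = screen_xml(doc)
        print(label, "->", "open" if safe_to_open(result) else "review", result)
```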

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

For more information see the associated Siemens security advisory SSA-186293 in HTML and CSAF.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

5. UPDATE HISTORY

  • August 14, 2025: Initial Republication of Siemens SSA-186293

Siemens Web Installer

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

1. EXECUTIVE SUMMARY

  • CVSS v4 8.5
  • ATTENTION: Low attack complexity
  • Vendor: Siemens
  • Equipment: Web Installer
  • Vulnerability: Uncontrolled Search Path Element

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected installer component.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Siemens reports that the following products are affected:

  • Automation License Manager V6.0: All versions
  • OpenPCS 7 V9.1: All versions
  • SIMATIC WinCC Runtime Professional: All versions
  • SIMATIC WinCC Runtime Professional V20: All versions
  • SIMATIC WinCC TeleControl: All versions
  • SIMATIC WinCC Unified Line Coordination: All versions
  • SIMATIC WinCC Unified PC Runtime V18: All versions
  • SIMATIC WinCC Unified PC Runtime V19: All versions
  • SIMATIC WinCC Unified PC Runtime V20: All versions
  • SIMATIC WinCC Unified Sequence: All versions
  • SIMATIC WinCC V7.5: All versions
  • SIMATIC WinCC V8.0: All versions
  • OpenPCS 7 V10.0: All versions
  • SIMATIC WinCC V8.1: Versions prior to V8.1 Update 3
  • SIMATIC WinCC Visualization Architect (SiVArc) V17: All versions
  • SIMATIC WinCC Visualization Architect (SiVArc) V18: All versions
  • SIMATIC WinCC Visualization Architect (SiVArc) V19: All versions
  • SIMATIC WinCC Visualization Architect (SiVArc) V20: All versions
  • SIMATIC D7-SYS: All versions
  • SIMIT Rapid Tester: All versions
  • SIMIT Simulation Platform: All versions
  • SINAMICS Startdrive V17: All versions
  • SINAMICS Startdrive V18: All versions
  • Siemens Network Planner (SINETPLAN): All versions
  • SINAMICS Startdrive V19: All versions
  • SINAMICS Startdrive V20: All versions
  • SINEC NMS: Versions prior to 4.0
  • SINEMA Remote Connect Client: All versions
  • SITRANS: All versions
  • Standard PID CTRL Tool: All versions
  • TeleControl Server Basic V3.1: Versions prior to 3.1.2.2
  • TIA Administrator: Versions prior to 3.0.6
  • TIA Portal Cloud Connector: All versions
  • TIA Portal Test Suite V17: All versions
  • SIMATIC Automation Tool: All versions
  • TIA Portal Test Suite V18: All versions
  • TIA Portal Test Suite V19: All versions
  • TIA Portal Test Suite V20: All versions
  • TIA Project-Server: All versions
  • TIA Project-Server V17: All versions
  • WinCC Panel Image Setup: All versions
  • SIMATIC Automation Tool SDK Windows: All versions
  • SIMATIC BATCH V9.1: All versions
  • SIMATIC BATCH V10.0: All versions
  • SIMATIC Control Function Library (CFL) V1.0.0: All versions
  • SIMATIC Control Function Library (CFL) V2.0: All versions
  • SIMATIC Control Function Library (CFL) V3.0: All versions
  • Automation License Manager V6.2: Versions prior to V6.2 Upd3
  • SIMATIC Control Function Library (CFL) V4.0: All versions
  • SIMATIC eaSie Core Package (6DL5424-0AX00-0AV8): All versions
  • SIMATIC eaSie Document Skills: All versions
  • SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8): All versions
  • SIMATIC eaSie Workflow Skills: All versions
  • SIMATIC Energy Suite V17: All versions
  • SIMATIC Energy Suite V18: All versions
  • SIMATIC Energy Suite V19: All versions
  • SIMATIC Logon V1.6: All versions
  • SIMATIC Logon V2.0: All versions
  • CEMAT V10.0: All versions
  • SIMATIC Management Agent: All versions
  • SIMATIC Management Console: All versions
  • SIMATIC MTP CREATOR V3.x: All versions
  • SIMATIC MTP CREATOR V4.x: All versions
  • SIMATIC MTP CREATOR V2.x: All versions
  • SIMATIC MTP CREATOR V5.x: All versions
  • SIMATIC MTP Integrator V1.x: All versions
  • SIMATIC MTP Integrator V2.x: All versions
  • SIMATIC NET PC Software V16: All versions
  • SIMATIC NET PC Software V17: All versions
  • CP PtP Param configuring interface: All versions
  • SIMATIC NET PC Software V18: All versions
  • SIMATIC NET PC Software V19: All versions
  • SIMATIC NET PC Software V20: Versions prior to V20.0 Update 1
  • SIMATIC ODK 1500S: All versions
  • SIMATIC PCS 7 Advanced Process Faceplates V9.1: All versions
  • SIMATIC PCS 7 Advanced Process Functions V2.1: All versions
  • SIMATIC PCS 7 Advanced Process Functions V2.2: All versions
  • SIMATIC PCS 7 Advanced Process Graphics V9.1: All versions
  • SIMATIC PCS 7 Advanced Process Graphics V10.0: All versions
  • SIMATIC PCS 7 Advanced Process Library incl. Faceplates V10.0: All versions
  • Create MyConfig (CMC): All versions
  • SIMATIC PCS 7 Advanced Process Library V9.1: All versions
  • SIMATIC PCS 7 Basis Faceplates V9.1: All versions
  • SIMATIC PCS 7 Basis Library V9.1: All versions
  • SIMATIC PCS 7 Basis Library V10.0: All versions
  • SIMATIC PCS 7 Industry Library V9.0: All versions
  • SIMATIC PCS 7 Industry Library V9.1: All versions
  • SIMATIC PCS 7 Industry Library V10.0: All versions
  • SIMATIC PCS 7 Logic Matrix V9.1: All versions
  • SIMATIC PCS 7 Logic Matrix V10.0: All versions
  • SIMATIC PCS 7 MPC Configurator: All versions
  • Energy Support Library (EnSL): All versions
  • SIMATIC PCS 7 PowerControl: All versions
  • SIMATIC PCS 7 Standard Chemical Library V9.1: All versions
  • SIMATIC PCS 7 Standard Chemical Library V10.0: All versions
  • SIMATIC PCS 7 TeleControl: All versions
  • SIMATIC PCS 7 V9.1: All versions
  • SIMATIC PCS 7 V10.0: All versions
  • SIMATIC PCS 7/OPEN OS V9.1: All versions
  • SIMATIC PCS neo V5.0: All versions
  • SIMATIC PCS neo V6.0: Versions prior to V6.0 SP1
  • SIMATIC PDM Maintenance Station V5.0: All versions
  • FM Configuration Package: All versions
  • SIMATIC PDM V9.2: All versions
  • SIMATIC PDM V9.3: All versions
  • SIMATIC Process Function Library (PFL) V4.0: All versions
  • SIMATIC Process Historian 2020: All versions
  • SIMATIC Process Historian 2022: All versions
  • SIMATIC Process Historian 2024: All versions
  • SIMATIC ProSave V17: All versions
  • SIMATIC ProSave V18: All versions
  • SIMATIC ProSave V19: Versions prior to V19 Update 4
  • SIMATIC ProSave V20: All versions
  • Modular PID CTRL Tool: All versions
  • SIMATIC Route Control V9.1: All versions
  • SIMATIC Route Control V10.0: All versions
  • SIMATIC S7 F Systems V6.3: All versions
  • SIMATIC S7 F Systems V6.4: All versions
  • SIMATIC S7-1500 Software Controller V2: All versions
  • SIMATIC S7-1500 Software Controller V3: All versions
  • SIMATIC S7-Fail-safe Configuration Tool (S7-FCT): Versions prior to 4.0.1
  • SIMATIC S7-PCT: All versions
  • SIMATIC S7-PLCSIM Advanced: Versions prior to V7.0 Update 1
  • SIMATIC S7-PLCSIM V17: All versions
  • MultiFieldbus Configuration Tool (MFCT): All versions
  • SIMATIC S7-PLCSIM V18: All versions
  • SIMATIC S7-PLCSIM V19: All versions
  • SIMATIC S7-PLCSIM V20: Versions prior to V20 Update 1
  • SIMATIC Safety Matrix: All versions
  • SIMATIC STEP 7 CFC V19: All versions
  • SIMATIC STEP 7 CFC V20: All versions
  • SIMATIC STEP 7 V5.7: All versions
  • SIMATIC Target: All versions
  • SIMATIC WinCC flexible ES: All versions
  • SIMATIC WinCC Runtime Advanced: All versions

3.2 VULNERABILITY OVERVIEW

3.2.1 UNCONTROLLED SEARCH PATH ELEMENT CWE-427

The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup component.

CVE-2025-30033 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-30033. A base score of 8.5 has been calculated; the CVSS vector string is (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing, Energy
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

Siemens reported this vulnerability to CISA.

4. MITIGATIONS

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • Harden the application host to prevent local access by untrusted personnel
  • Install applications only from an empty directory, thereby minimizing the likelihood of malicious DLLs being present
  • Automation License Manager V6.0, CEMAT V10.0, Energy Support Library (EnSL), SIMATIC BATCH V9.1, SIMATIC Logon V1.6, SIMATIC MTP CREATOR V3.x, SIMATIC MTP CREATOR V2.x, SIMATIC PCS 7 Industry Library V9.0, SIMATIC PCS neo V5.0, SIMATIC Process Function Library (PFL) V4.0, SIMATIC Process Historian 2020, SIMATIC ProSave V18, SIMATIC S7 F Systems V6.3, SIMATIC STEP 7 CFC V19, SIMATIC STEP 7 CFC V20: Currently no fix is planned
  • CP PtP Param configuring interface, Create MyConfig (CMC), FM Configuration Package, Modular PID CTRL Tool, MultiFieldbus Configuration Tool (MFCT), OpenPCS 7 V9.1, OpenPCS 7 V10.0, Siemens Network Planner (SINETPLAN), SIMATIC Automation Tool, SIMATIC Automation Tool SDK Windows, SIMATIC BATCH V10.0, SIMATIC Control Function Library (CFL) V1.0.0, SIMATIC Control Function Library (CFL) V2.0, SIMATIC Control Function Library (CFL) V3.0, SIMATIC Control Function Library (CFL) V4.0, SIMATIC eaSie Core Package (6DL5424-0AX00-0AV8), SIMATIC eaSie Document Skills, SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8), SIMATIC eaSie Workflow Skills, SIMATIC Energy Suite V17, SIMATIC Energy Suite V18, SIMATIC Energy Suite V19, SIMATIC Logon V2.0, SIMATIC Management Agent, SIMATIC Management Console, SIMATIC MTP CREATOR V4.x, SIMATIC MTP CREATOR V5.x, SIMATIC MTP Integrator V1.x, SIMATIC MTP Integrator V2.x, SIMATIC NET PC Software V16, SIMATIC NET PC Software V17, SIMATIC NET PC Software V18, SIMATIC NET PC Software V19, SIMATIC ODK 1500S, SIMATIC PCS 7 Advanced Process Faceplates V9.1, SIMATIC PCS 7 Advanced Process Functions V2.1, SIMATIC PCS 7 Advanced Process Functions V2.2, SIMATIC PCS 7 Advanced Process Graphics V9.1, SIMATIC PCS 7 Advanced Process Graphics V10.0, SIMATIC PCS 7 Advanced Process Library incl. Faceplates V10.0, SIMATIC PCS 7 Advanced Process Library V9.1, SIMATIC PCS 7 Basis Faceplates V9.1, SIMATIC PCS 7 Basis Library V9.1, SIMATIC PCS 7 Basis Library V10.0, SIMATIC PCS 7 Industry Library V9.1, SIMATIC PCS 7 Industry Library V10.0, SIMATIC PCS 7 Logic Matrix V9.1, SIMATIC PCS 7 Logic Matrix V10.0, SIMATIC PCS 7 MPC Configurator, SIMATIC PCS 7 PowerControl, SIMATIC PCS 7 Standard Chemical Library V9.1, SIMATIC PCS 7 Standard Chemical Library V10.0, SIMATIC PCS 7 TeleControl, SIMATIC PCS 7 V9.1, SIMATIC PCS 7 V10.0, SIMATIC PCS 7/OPEN OS V9.1, SIMATIC PDM Maintenance Station V5.0, SIMATIC PDM V9.2, SIMATIC PDM V9.3, SIMATIC Process Historian 2022, SIMATIC Process Historian 2024, SIMATIC ProSave V17, SIMATIC ProSave V20, SIMATIC Route Control V9.1, SIMATIC Route Control V10.0, SIMATIC S7 F Systems V6.4, SIMATIC S7-1500 Software Controller V2, SIMATIC S7-1500 Software Controller V3, SIMATIC S7-PCT, SIMATIC S7-PLCSIM V17, SIMATIC S7-PLCSIM V18, SIMATIC S7-PLCSIM V19, SIMATIC Safety Matrix, SIMATIC STEP 7 V5.7, SIMATIC Target, SIMATIC WinCC flexible ES, SIMATIC WinCC Runtime Advanced, SIMATIC WinCC Runtime Professional, SIMATIC WinCC Runtime Professional V20, SIMATIC WinCC TeleControl, SIMATIC WinCC Unified Line Coordination, SIMATIC WinCC Unified PC Runtime V18, SIMATIC WinCC Unified PC Runtime V19, SIMATIC WinCC Unified PC Runtime V20, SIMATIC WinCC Unified Sequence, SIMATIC WinCC V7.5, SIMATIC WinCC V8.0, SIMATIC WinCC Visualization Architect (SiVArc) V17, SIMATIC WinCC Visualization Architect (SiVArc) V18, SIMATIC WinCC Visualization Architect (SiVArc) V19, SIMATIC WinCC Visualization Architect (SiVArc) V20, SIMATIC D7-SYS, SIMIT Rapid Tester, SIMIT Simulation Platform, SINAMICS Startdrive V17, SINAMICS Startdrive V18, SINAMICS Startdrive V19, SINAMICS Startdrive V20, SINEMA Remote Connect Client, SITRANS, Standard PID CTRL Tool, TIA Portal Cloud Connector, TIA Portal Test Suite V17, TIA Portal Test Suite V18, TIA Portal Test Suite V19, TIA Portal Test Suite V20, TIA Project-Server, TIA Project-Server V17, WinCC Panel Image Setup: Currently no fix is available
  • SIMATIC ProSave V19: Update to V19 Update 4 or later version
  • SIMATIC S7-PLCSIM V20: Update to V20 Update 1 or later version
  • SIMATIC NET PC Software V20: Update to V20.0 Update 1 or later version
  • TIA Administrator: Update to V3.0.6 or later version
  • TeleControl Server Basic V3.1: Update to V3.1.2.2 or later version
  • SINEC NMS: Update to V4.0 or later version
  • SIMATIC S7-Fail-safe Configuration Tool (S7-FCT): Update to V4.0.1 or later version
  • SIMATIC PCS neo V6.0: Update to V6.0 SP1 or later version
  • Automation License Manager V6.2: Update to V6.2 Upd3 or later version
  • SIMATIC S7-PLCSIM Advanced: Update to V7.0 Update 1 or later version
  • SIMATIC WinCC V8.1: Update to V8.1 Update 3 or later version
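
One way to follow the "install only from an empty directory" mitigation, as an added example (not code from Siemens or CISA). It copies the installer alone into a freshly created directory and verifies it there; `Setup.exe`, `example.dll` and the file contents are constructed, and the expected SHA-256 is assumed to come from a trusted source.

```python
import hashlib
import os
import shutil
import tempfile


def stray_files(directory: str, installer_name: str) -> list:
    """Names of everything that sits beside the installer in `directory`."""
    return sorted(n for n in os.listdir(directory)
                  if n.lower() != installer_name.lower())


def sha256_of(path: str) -> str:
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def stage_installer(installer_path: str, expected_sha256: str,
                    staging_parent: str = None) -> str:
    """Copy only the installer into a new empty directory and verify the copy."""
    name = os.path.basename(installer_path)
    staging_dir = tempfile.mkdtemp(prefix="install-", dir=staging_parent)
    staged = os.path.join(staging_dir, name)
    try:
        shutil.copyfile(installer_path, staged)
        if sha256_of(staged) != expected_sha256.lower():
            raise ValueError("installer hash does not match the expected value")
        if os.listdir(staging_dir) != [name]:
            raise RuntimeError("staging directory is not clean")
    except Exception:
        shutil.rmtree(staging_dir, ignore_errors=True)  # leave nothing half-staged
        raise
    return staged  # run the installer from this path


def demo() -> dict:
    """Constructed scenario: a download folder holding an installer and a stray DLL."""
    with tempfile.TemporaryDirectory() as work:
        downloads = os.path.join(work, "Downloads")
        os.mkdir(downloads)
        installer = os.path.join(downloads, "Setup.exe")
        with open(installer, "wb") as fh:
            fh.write(b"constructed installer bytes")
        with open(os.path.join(downloads, "example.dll"), "wb") as fh:
            fh.write(b"constructed stray library")

        good_hash = hashlib.sha256(b"constructed installer bytes").hexdigest()
        staged = stage_installer(installer, good_hash, staging_parent=work)
        try:
            stage_installer(installer, "0" * 64, staging_parent=work)
            rejected = False
        except ValueError:
            rejected = True
        return {
            "stray": stray_files(downloads, "Setup.exe"),
            "staged_listing": os.listdir(os.path.dirname(staged)),
            "mismatch_rejected": rejected,
            "staging_dirs_left": len([d for d in os.listdir(work)
                                      if d.startswith("install-")]),
        }


if __name__ == "__main__":
    print(demo())
```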

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

For more information see the associated Siemens security advisory SSA-282044 in HTML and CSAF.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

5. UPDATE HISTORY

  • August 14, 2025: Initial Republication of Siemens SSA-282044

Siemens SINEC Traffic Analyzer

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

1. EXECUTIVE SUMMARY

  • CVSS v4 8.8
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Siemens
  • Equipment: SINEC Traffic Analyzer
  • Vulnerabilities: NULL Pointer Dereference, Use After Free, Uncontrolled Resource Consumption, Execution with Unnecessary Privileges, Exposure of Sensitive Information to an Unauthorized Actor, Irrelevant Code, Channel Accessible by Non-Endpoint

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition or gain elevated access and access to sensitive resources.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Siemens reports the following products are affected:

  • Siemens SINEC Traffic Analyzer (6GK8822-1BG01-0BA0): All versions prior to 3.0 (CVE-2024-24989, CVE-2024-24990, CVE-2025-40766, CVE-2025-40767, CVE-2025-40768, CVE-2025-40769)
  • Siemens SINEC Traffic Analyzer (6GK8822-1BG01-0BA0): All versions (CVE-2025-40770)

3.2 VULNERABILITY OVERVIEW

3.2.1 NULL POINTER DEREFERENCE CWE-476

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html. Note: Software versions that have reached End of Technical Support (EoTS) are not evaluated.

CVE-2024-24989 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

3.2.2 USE AFTER FREE CWE-416

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2024-24990 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

3.2.3 UNCONTROLLED RESOURCE CONSUMPTION CWE-400

The affected application runs docker containers without adequate resource and security limitations. This could allow an attacker to perform a denial-of-service (DoS) attack.

CVE-2025-40766 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

A CVSS v4 score has also been calculated for CVE-2025-40766. A base score of 6.8 has been calculated; the CVSS vector string is (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N).

3.2.4 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250

The affected application runs docker containers without adequate security controls to enforce isolation. This could allow an attacker to gain elevated access, potentially accessing sensitive host system resources.

CVE-2025-40767 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-40767. A base score of 8.8 has been calculated; the CVSS vector string is (CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H).
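The missing resource limits (3.2.3) and missing isolation controls (3.2.4) described above can both be checked from `docker inspect` output on any Docker host an operator administers. The following is an added example, not code from Siemens or CISA; the container names and JSON values are constructed, and the set of checks is an assumption about what "adequate" limits and controls mean.

```python
import json

# Constructed sample shaped like `docker inspect` output (not from the advisory).
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/collector", "Config": {"User": ""},
  "HostConfig": {"Memory": 0, "NanoCpus": 0, "PidsLimit": null,
    "Privileged": true, "CapAdd": ["SYS_ADMIN"], "CapDrop": null,
    "SecurityOpt": null, "ReadonlyRootfs": false, "PidMode": "host"}},
 {"Name": "/ui", "Config": {"User": "10001:10001"},
  "HostConfig": {"Memory": 536870912, "NanoCpus": 1000000000, "PidsLimit": 256,
    "Privileged": false, "CapAdd": null, "CapDrop": ["ALL"],
    "SecurityOpt": ["no-new-privileges:true"], "ReadonlyRootfs": true,
    "PidMode": ""}}
]""")

NNP_ON = {"no-new-privileges", "no-new-privileges:true", "no-new-privileges=true"}

def audit_container(entry):
    """Return findings for one `docker inspect` entry; empty list means clean."""
    hc = entry.get("HostConfig") or {}
    user = (entry.get("Config") or {}).get("User") or ""
    findings = []
    # Resource limits (CWE-400): 0 or null means "unlimited" in inspect output.
    if not hc.get("Memory"):
        findings.append("no-memory-limit")
    if not (hc.get("NanoCpus") or hc.get("CpuQuota")):
        findings.append("no-cpu-limit")
    if (hc.get("PidsLimit") or 0) <= 0:
        findings.append("no-pids-limit")
    # Isolation and privilege (CWE-250).
    if hc.get("Privileged"):
        findings.append("privileged")
    if hc.get("CapAdd"):
        findings.append("cap-add:" + ",".join(sorted(hc["CapAdd"])))
    if "ALL" not in [c.upper() for c in (hc.get("CapDrop") or [])]:
        findings.append("caps-not-dropped")
    if not NNP_ON & set(hc.get("SecurityOpt") or []):
        findings.append("no-new-privileges-unset")
    if user.split(":")[0] in ("", "0", "root"):
        findings.append("runs-as-root")
    if hc.get("PidMode") == "host":
        findings.append("host-pid-namespace")
    if not hc.get("ReadonlyRootfs"):
        findings.append("writable-rootfs")
    return findings

def audit(inspect_json):
    """Map container name -> findings for a parsed `docker inspect` array."""
    return {e.get("Name", "?").lstrip("/"): audit_container(e) for e in inspect_json}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else findings)
```

To audit a live host, feed the function the parsed output of `docker inspect` for the running containers instead of the constructed sample.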

3.2.5 EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200

The affected application exposes an internal service port to be accessible from outside the system. This could allow an unauthorized attacker to access the application.

CVE-2025-40768 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.3 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H).

A CVSS v4 score has also been calculated for CVE-2025-40768. A base score of 7.0 has been calculated; the CVSS vector string is (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N).

3.2.6 IRRELEVANT CODE CWE-1164

The affected application uses a Content Security Policy that allows unsafe script execution methods. This could allow an attacker to execute unauthorized scripts, potentially leading to cross-site scripting attacks.

CVE-2025-40769 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-40769. A base score of 7.5 has been calculated; the CVSS vector string is (CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
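A Content Security Policy of the kind described in 3.2.6 can be reviewed by parsing the response header and checking the directive that governs scripts. The following is an added example, not code from Siemens or CISA; the header values are constructed, and treating `'unsafe-inline'`, `'unsafe-eval'` and broad scheme or wildcard sources as the "unsafe script execution methods" is an assumption, since the advisory does not name them.

```python
HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")
BROAD = {"*", "data:", "http:", "https:"}

def parse_csp(header):
    """Parse a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        # Per the CSP spec, a repeated directive is ignored: first one wins.
        if tokens and tokens[0].lower() not in policy:
            # Lowercased for matching only; real nonces/hashes are case-sensitive.
            policy[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return policy

def script_findings(header):
    """Return weaknesses in the policy that governs script execution."""
    policy = parse_csp(header)
    # script-src falls back to default-src when absent.
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return ["no-script-policy"]
    findings = []
    strict = any(s.startswith(HASH_OR_NONCE) for s in sources)
    # Browsers ignore 'unsafe-inline' once a nonce or hash is present.
    if "'unsafe-inline'" in sources and not strict:
        findings.append("unsafe-inline")
    if "'unsafe-eval'" in sources:
        findings.append("unsafe-eval")
    # With 'strict-dynamic', host and scheme sources are ignored as well.
    if "'strict-dynamic'" not in sources:
        findings += ["broad-source:" + s for s in sources if s in BROAD]
    return findings

# Constructed header values, not taken from the affected product.
SAMPLES = [
    "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'",
    "script-src 'nonce-r4nd0m' 'strict-dynamic' 'unsafe-inline' https:",
    "img-src *",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(script_findings(value) or "OK", "<-", value)
```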

3.2.7 CHANNEL ACCESSIBLE BY NON-ENDPOINT CWE-300

The affected application uses a monitoring interface that is not operating in a strictly passive mode. This could allow an attacker to interact with the interface, leading to man-in-the-middle attacks.

CVE-2025-40770 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-40770. A base score of 7.5 has been calculated; the CVSS vector string is (CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Energy
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

Siemens ProductCERT reported these vulnerabilities to CISA.

4. MITIGATIONS

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • (CVE-2024-24989, CVE-2024-24990, CVE-2025-40766, CVE-2025-40767, CVE-2025-40768, CVE-2025-40769) SINEC Traffic Analyzer (6GK8822-1BG01-0BA0): Update to V3.0 or later version
  • (CVE-2025-40770) SINEC Traffic Analyzer (6GK8822-1BG01-0BA0): Currently no fix is available

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

For more information see the associated Siemens security advisory SSA-517338 in HTML and CSAF.

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY

  • August 14, 2025: Initial Republication of Siemens ProductCERT SSA-517338