As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition.
Siemens reports that the following products are affected:
Allocation of resources for multipart headers with insufficient limits enables a denial-of-service vulnerability in Apache Commons FileUpload.
CVE-2025-48976 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
A CVSS v4 score has also been calculated for CVE-2025-48976. A base score of 8.7 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N).
Siemens reported this vulnerability to CISA.
Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals.
Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.
For more information, see the associated Siemens security advisory SSA-640476 in HTML and CSAF.
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
Successful exploitation of this vulnerability could allow users to escalate their privileges.
Siemens reports that the following products are affected:
The affected devices allow a factory reset to be executed without the required privileges due to improper privilege management as well as manipulation of configuration data because of leaked privileges of previous sessions. This could allow an unauthorized attacker to escalate their privileges.
CVE-2025-40594 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.3 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:L).
A CVSS v4 score has also been calculated for CVE-2025-40594. A base score of 6.9 has been calculated; the CVSS vector string is (CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L).
Siemens ProductCERT reported this vulnerability to CISA.
Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals.
Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage
For more information see the associated Siemens security advisory SSA-027652 in HTML and CSAF.
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely. This vulnerability has a high attack complexity.
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code with SYSTEM privileges when a legitimate user installs an application that uses the affected setup component.
Siemens reports that the following products are affected:
Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%temp and unprivileged users can place a crafted executable file by winning a race condition. This occurs because EW_CREATEDIR does not always set the CreateRestrictedDirectory error flag.
CVE-2025-43715 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).
Siemens reported this vulnerability to CISA.
Siemens reports that no fix currently is available. Siemens has also identified the following workarounds and mitigations users can apply to reduce risk:
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals.
Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage
For more information see the associated Siemens security advisory SSA-563922 in HTML and CSAF.
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
CISA also recommends users take the following measures to protect themselves from social engineering attacks:
No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely. This vulnerability has a high attack complexity.
Successful exploitation of this vulnerability could allow attackers to prevent firmware updates and disrupt the webserver’s proper behavior by removing specific files or directories from the filesystem.
Schneider Electric reports that the following products are affected:
A Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem.
CVE-2024-5056 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).
A CVSS v4 score has also been calculated for CVE-2024-5056. A base score of 6.9 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N).
Yanis Wang of DAS-Security reported this vulnerability to Schneider Electric. Schneider Electric reported this vulnerability to CISA.
Schneider Electric has identified the following specific workarounds and mitigations users can apply to reduce risk:
Modbus/TCP Ethernet Modicon M340 module: Version SV3.60 of BMXNOE0100 includes a fix for this vulnerability and is available for download here.
Modbus/TCP Ethernet Modicon M340 FactoryCast module: Version SV6.80 of BMXNOE0110 includes a fix for this vulnerability and is available for download here.
Schneider Electric is establishing a remediation plan for all future versions of Modicon M340 that will include a fix for this vulnerability. They will provide an update when the remediation is available. Until then, users should immediately apply the following mitigations to reduce the risk of exploit:
For more information see the associated Schneider Electric CPCERT security advisory SEVD-2024-163-01, SEVD-2024-163-01 CSAF Version.
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
Successful exploitation of this vulnerability could allow an attacker to access or alter sensitive data without proper authorization.
Siemens reports that the following products are affected:
The affected application exposes a network share without any authentication. This could allow an attacker to access or alter sensitive data without proper authorization.
CVE-2025-40804 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
A CVSS v4 score has also been calculated for CVE-2025-40804. A base score of 9.3 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N).
Tim Dijkman from Powerspex reported this vulnerability to Siemens.
Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals.
Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage
For more information see the associated Siemens security advisory SSA-534283 in HTML and CSAF.
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
CISA also recommends users take the following measures to protect themselves from social engineering attacks:
No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.
Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to the system.
The following versions of Daikin Security Gateway are affected:
Daikin Security Gateway is vulnerable to an authorization bypass through a user-controlled key vulnerability that could allow an attacker to bypass authentication. An unauthorized attacker could access the system without prior credentials.
CVE-2025-10127 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2025-10127. A base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:L).
CISA discovered a public Proof of Concept (PoC) as authored by Gjoko Krstic and reported it to Daikin.
Daikin has reported they will not fix this vulnerability and will respond directly to user inquiries.
For more information, contact Daikin customer support.
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
CISA also recommends users take the following measures to protect themselves from social engineering attacks:
No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
Successful exploitation of these vulnerabilities could allow an attacker to access non-sensitive information without authentication or potentially cause a temporary denial of service.
Siemens reports that the following products are affected:
The affected device may be susceptible to resource exhaustion when subjected to high volumes of query requests. This could allow an attacker to cause a temporary denial of service, with the system recovering once the activity stops.
CVE-2025-40802 has been assigned to this vulnerability. A CVSS v3.1 base score of 3.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
A CVSS v4 score has also been calculated for CVE-2025-40802. A base score of 2.3 has been calculated; the CVSS vector string is (CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N).
The affected device exposes certain non-critical information from the device. This could allow an unauthenticated attacker to access sensitive data, potentially leading to a breach of confidentiality.
CVE-2025-40803 has been assigned to this vulnerability. A CVSS v3.1 base score of 3.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
A CVSS v4 score has also been calculated for CVE-2025-40803. A base score of 2.3 has been calculated; the CVSS vector string is (CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N).
Siemens ProductCERT reported these vulnerabilities to CISA.
Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals.
Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage
For more information see the associated Siemens security advisory SSA-494539 in HTML and CSAF.
CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely. These vulnerabilities have a high attack complexity.
The “Pro”-level iPhone 17 may finally end its amateur career and join the major leagues.
