p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-04.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong Multiple Siemens applications are affected by improper certificate validation in Siemens Analytics Toolkit. This could allow an unauthenticated remote attacker to perform man in the middle attacks. Siemens has released new versions for the affected products and recommends to update to the latest versions. /strong /p p The following versions of Siemens Analytics Toolkit are affected: /p ul li Siemens Software Center vers:intdot/ lt;3.5.8.2 (CVE-2025-40745) /li li Simcenter 3D vers:intdot/ lt;2506.6000 (CVE-2025-40745) /li li Simcenter Femap vers:intdot/ lt;2506.0002 (CVE-2025-40745) /li li Simcenter STAR-CCM+ vers:intdot/ lt;2602 (CVE-2025-40745) /li li Solid Edge SE2025 /li li Solid Edge SE2026 /li li Tecnomatix Plant Simulation vers:intdot/ lt;2504.0008 (CVE-2025-40745) /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 3.7 /td td Siemens /td td Siemens Analytics Toolkit /td td Improper Certificate Validation /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Critical Manufacturing /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong Germany /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2025-40745 /a /h3 div class="csaf-accordion-content" p Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks. /p p a href="https://www.cve.org/CVERecord?id=CVE-2025-40745" View CVE Details /a /p hr h4 Affected Products /h4 h5 Siemens Analytics Toolkit /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br Siemens /div div class="ics-version" strong Product Version: /strong br Siemens Software Center, Simcenter 3D, Simcenter Femap, Simcenter STAR-CCM+, Solid Edge SE2025, Solid Edge SE2026, Tecnomatix Plant Simulation /div div class="ics-status" strong Product Status: /strong br known_affected /div /div div class="ics-remediations" h6 Remediations /h6 p strong Vendor fix /strong br Update to V225.0 Update 13 or later version br a href="https://support.sw.siemens.com/product/246738425/" https://support.sw.siemens.com/product/246738425/ /a /p p strong Vendor fix /strong br Update to V226.0 Update 04 or later version br a href="https://support.sw.siemens.com/product/246738425/" https://support.sw.siem
Security & IT News
LiveReal-time news from 13+ trusted sources — BleepingComputer, The Hacker News, Krebs on Security, Dark Reading & more.
733 results in Vulnerability
p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-07.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong SCALANCE W-700 IEEE 802.11n family before V6.6.0 are affected by multiple vulnerabilities. Siemens has released a new version for SCALANCE W-700 IEEE 802.11n family and recommends to update to the latest version. /strong /p p The following versions of Siemens SCALANCE are affected: /p ul li SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0) vers:intdot/ lt;6.6.0 (CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26143, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147, CVE-2021-3712, CVE-2022-0778, CVE-2022-31765, CVE-2022-36323, CVE-2022-36324, CVE-2022-36325, CVE-2023-44373) /li li SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0) vers:intdot/ lt;6.6.0 (CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26143, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147, CVE-2021-3712, CVE-2022-0778, CVE-2022-31765, CVE-2022-36323, CVE-2022-36324, CVE-2022-36325, CVE-2023-44373) /li li SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0) vers:intdot/ lt;6.6.0 (CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26143, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147, CVE-2021-3712, CVE-2022-0778, CVE-2022-31765, CVE-2022-36323, CVE-2022-36324, CVE-2022-36325, CVE-2023-44373) /li li SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0) vers:intdot/ lt;6.6.0 (CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26143, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147, CVE-2021-3712, CVE-2022-0778, CVE-2022-31765, CVE-2022-36323, CVE-2022-36324, CVE-2022-36325, CVE-2023-44373) /li li SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AC0) vers:intdot/ lt;6.6.0 (CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26143, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147, CVE-2021-3712, CVE-2022-0778, CVE-2022-31765, CVE-2022-36323, CVE-2022-36324, CVE-2022-36325, CVE-2023-44373) /li li SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA0) vers:intdot/ lt;6.6.0 (CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26143, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147, CVE-2021-3712, CVE-2022-0778, CVE-2022-31765, CVE-2022-36323, CVE-2022-36324, CVE-2022-36325, CVE-2023-44373) /li li SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA6) vers:intdot/ lt;6.6.0 (CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26143, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147, CVE-2021-3712, CVE-2022-0778, CVE-2022-31765, CVE-2022-36323, CVE-2022-36324, CVE-2022-36325, CVE-2023-44373) /li li SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AB0) vers:intdot/ lt;6.6.0 (CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26143, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147, CVE-2021-3712, CVE-2022-0778, CVE-2022-31765, CVE-2022-36323, CVE-2022-36324, CVE-2022-36325, CVE-2023-44373) /li li SCALANCE W734-1 RJ45 (USA) (6GK5734-1FX00-0AB6) vers:intdot/ lt;6.6.0 (C
p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-05.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong Successful exploitation of these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow remote code execution. /strong /p p The following versions of Hardy Barth Salia EV Charge Controller are affected: /p ul li Salia Board Firmware lt;=2.3.81 (CVE-2025-5873, CVE-2025-10371) /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 7.3 /td td Hardy Barth /td td Hardy Barth Salia EV Charge Controller /td td Unrestricted Upload of File with Dangerous Type /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Energy, Transportation Systems /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong Germany /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2025-5873 /a /h3 div class="csaf-accordion-content" p A vulnerability was found in eCharge Hardy Barth Salia PLCC 2.3.81. It has been declared as critical. This vulnerability affects unknown code of the file /firmware.php of the component Web UI. The manipulation of the argument media leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. /p p a href="https://www.cve.org/CVERecord?id=CVE-2025-5873" View CVE Details /a /p hr h4 Affected Products /h4 h5 Hardy Barth Salia EV Charge Controller /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br Hardy Barth /div div class="ics-version" strong Product Version: /strong br Hardy Barth Salia Board Firmware: lt;=2.3.81 /div div class="ics-status" strong Product Status: /strong br known_affected /div /div div class="ics-remediations" h6 Remediations /h6 p strong Mitigation /strong br Hardy Barth did not respond to CISA's request for coordination. /p p strong Mitigation /strong br Contact Hardy Barth using their contact page here: https://www.hardy-barth.de/de/kontakt for more information. br a href="https://www.hardy-barth.de/de/kontakt" https://www.hardy-barth.de/de/kontakt /a /p p strong Mitigation /strong br Alternatively, Hardy Barth can also be contacted through their eCharge brand here: https://www.echarge.de/en/contact_company br a href="https://www.echarge.de/en/contact_company" https://www.echarge.de/en/contact_company /a /p /div p strong Relevant
p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-03.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong Siemens SINEC NMS when used with User Management Component (UMC) contains an authentication bypass vulnerability due to insufficient validation of user identity. This could allow an unauthenticated remote attacker to bypass authentication and gain unauthorized access to the application. Siemens has released a new version for SINEC NMS and recommends to update to the latest version. /strong /p p The following versions of Siemens SINEC NMS are affected: /p ul li SINEC NMS /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 7.3 /td td Siemens /td td Siemens SINEC NMS /td td Improper Verification of Cryptographic Signature /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Critical Manufacturing /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong Germany /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2026-24032 /a /h3 div class="csaf-accordion-content" p The affected application contains an authentication weakness due to insufficient validation of user identity in the UMC component. This could allow an unauthenticated remote attacker to bypass authentication and gain unauthorized access to the application. (ZDI-CAN-27564) /p p a href="https://www.cve.org/CVERecord?id=CVE-2026-24032" View CVE Details /a /p hr h4 Affected Products /h4 h5 Siemens SINEC NMS /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br Siemens /div div class="ics-version" strong Product Version: /strong br SINEC NMS /div div class="ics-status" strong Product Status: /strong br known_affected /div /div div class="ics-remediations" h6 Remediations /h6 p strong Vendor fix /strong br Update to V4.0 SP3 or later version br a href="https://support.industry.siemens.com/cs/ww/en/view/110000760/" https://support.industry.siemens.com/cs/ww/en/view/110000760/ /a /p /div p strong Relevant CWE: /strong a href="https://cwe.mitre.org/data/definitions/347.html" CWE-347 Improper Verification of Cryptographic Signature /a /p hr h4 Metrics /h4 div class="csaf-table csaf-metrics-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS Version /th th role="columnheader" Base Score /th th role="columnheader" Base Severity /th th role="columnheader" Vector String /th /tr
p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-06.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong Successful exploitation of this vulnerability could allow an attacker to pair via Bluetooth with a motorcycle, gaining unauthorized access to all Bluetooth functions, including changing the firmware. /strong /p p The following versions of Zero Motorcycles Firmware are affected: /p ul li Zero Motorcycles firmware lt;=44 (CVE-2026-1354) /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 6.4 /td td Zero Motorcycles /td td Zero Motorcycles Firmware /td td Key Exchange without Entity Authentication /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Transportation Systems /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong United States /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2026-1354 /a /h3 div class="csaf-accordion-content" p Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with the motorcycle via Bluetooth. Once paired, an attacker can utilize over-the-air firmware updating functionality to potentially upload malicious firmware to the motorcycle. The motorcycle must first be in Bluetooth pairing mode, and the attacker must be in proximity of the vehicle and understand the full pairing process, to be able to pair their device with the vehicle. The attacker's device must remain paired with and in proximity of the motorcycle for the entire duration of the firmware update. /p p a href="https://www.cve.org/CVERecord?id=CVE-2026-1354" View CVE Details /a /p hr h4 Affected Products /h4 h5 Zero Motorcycles Firmware /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br Zero Motorcycles /div div class="ics-version" strong Product Version: /strong br Zero Motorcycles Zero Motorcycles firmware: lt;=44 /div div class="ics-status" strong Product Status: /strong br known_affected /div /div div class="ics-remediations" h6 Remediations /h6 p strong Mitigation /strong br Zero Motorcycles has investigated this report and cautions users to pair their mobile device to their vehicle in a safe location where they can be sure no one else will try to pair at the same time. Once initiated, complete the full pairing process and confirm it is successful. Store physical keys in a secure location and do not leave the bike unattended with the key in the "ON" position. Zero Motorcycles plans to address
p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-11.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong Industrial Edge Management contains an authorization bypass vulnerability that could be exploited by an unauthenticated remote attacker to circumvent authentication and to access connected Industrial Edge Devices through the remote connection feature. Siemens has released new versions for the affected products and recommends to update to the latest versions. /strong /p p The following versions of Siemens Industrial Edge Management are affected: /p ul li Industrial Edge Management Pro V1 vers:intdot/ gt;=1.7.6| lt;1.15.17 (CVE-2026-33892) /li li Industrial Edge Management Pro V2 vers:intdot/ gt;=2.0.0| lt;2.1.1 (CVE-2026-33892) /li li Industrial Edge Management Virtual vers:intdot/ gt;=2.2.0| lt;2.8.0 (CVE-2026-33892) /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 7.1 /td td Siemens /td td Siemens Industrial Edge Management /td td Authentication Bypass by Primary Weakness /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Critical Manufacturing /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong Germany /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2026-33892 /a /h3 div class="csaf-accordion-content" p Affected management systems do not properly enforce user authentication on remote connections to devices. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that the attacker has identified the header and port used for remote connections to devices and that the remote connection feature is enabled for the device. Exploitation allows the attacker to tunnel to the device. Security features on this device itself (e.g. app specific authentication) are not affected. /p p a href="https://www.cve.org/CVERecord?id=CVE-2026-33892" View CVE Details /a /p hr h4 Affected Products /h4 h5 Siemens Industrial Edge Management /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br Siemens /div div class="ics-version" strong Product Version: /strong br Industrial Edge Management Pro V1, Industrial Edge Management Pro V2, Industrial Edge Management Virtual /div div class="ics-status" strong Product Status: /strong br known_affected /div /div div class="ics-remediations" h6 Remediations /h6 p strong Mitigation /strong br Ensure network ac
p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-01.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong The products listed below contain a vulnerability that could allow an attacker to perform an out-of-bound read, potentially leading to information disclosure or denial of service of the TPM. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available. /strong /p p The following versions of Siemens TPM 2.0 are affected: /p ul li SIMATIC CN 4100 vers:all/* (CVE-2025-2884) /li li SIMATIC Field PG M5 vers:all/* (CVE-2025-2884) /li li SIMATIC Field PG M6 vers:all/* (CVE-2025-2884) /li li SIMATIC IPC BX-32A vers:intdot/ lt;29.01.09 (CVE-2025-2884) /li li SIMATIC IPC BX-39A vers:intdot/ lt;29.01.09 (CVE-2025-2884) /li li SIMATIC IPC BX-56A vers:intdot/ lt;32.01.09 (CVE-2025-2884) /li li SIMATIC IPC BX-59A vers:intdot/ lt;32.01.09 (CVE-2025-2884) /li li SIMATIC IPC MD-57A vers:intdot/ lt;30.01.10 (CVE-2025-2884) /li li SIMATIC IPC PX-32A vers:intdot/ lt;29.01.09 (CVE-2025-2884) /li li SIMATIC IPC PX-39A vers:intdot/ lt;29.01.09 (CVE-2025-2884) /li li SIMATIC IPC PX-39A PRO vers:intdot/ lt;29.01.09 (CVE-2025-2884) /li li SIMATIC IPC RW-528A vers:intdot/ lt;34.01.02 (CVE-2025-2884) /li li SIMATIC IPC RW-548A vers:intdot/ lt;34.01.02 (CVE-2025-2884) /li li SIMATIC IPC227E vers:all/* (CVE-2025-2884) /li li SIMATIC IPC277E vers:all/* (CVE-2025-2884) /li li SIMATIC IPC427E vers:intdot/ lt;21.01.20 (CVE-2025-2884) /li li SIMATIC IPC477E vers:intdot/ lt;21.01.20 (CVE-2025-2884) /li li SIMATIC IPC477E PRO vers:intdot/ lt;21.01.20 (CVE-2025-2884) /li li SIMATIC IPC627E vers:all/* (CVE-2025-2884) /li li SIMATIC IPC647E vers:all/* (CVE-2025-2884) /li li SIMATIC IPC677E vers:all/* (CVE-2025-2884) /li li SIMATIC IPC847E vers:all/* (CVE-2025-2884) /li li SIMATIC ITP1000 vers:all/* (CVE-2025-2884) /li li SIPLUS IPC427E vers:intdot/ lt;21.01.20 (CVE-2025-2884) /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 6.6 /td td Siemens /td td Siemens TPM 2.0 /td td Out-of-bounds Read /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Critical Manufacturing /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong Germany /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2025-2884 /a /h3 div class="csaf-accordion-conten
p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-08.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong RUGGEDCOM CROSSBOW Station Access Controller (SAC) contains a vulnerability that could allow an attacker to achieve arbitrary code execution and to create a denial of service condition. Siemens has released a new version for RUGGEDCOM CROSSBOW Station Access Controller (SAC) and recommends to update to the latest version. /strong /p p The following versions of Siemens RUGGEDCOM CROSSBOW Station Access Controller (SAC) are affected: /p ul li RUGGEDCOM CROSSBOW Station Access Controller (SAC) vers:intdot/ lt;5.8 (CVE-2025-6965) /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 7.7 /td td Siemens /td td Siemens RUGGEDCOM CROSSBOW Station Access Controller (SAC) /td td Numeric Truncation Error /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Critical Manufacturing /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong Germany /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2025-6965 /a /h3 div class="csaf-accordion-content" p There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above. /p p a href="https://www.cve.org/CVERecord?id=CVE-2025-6965" View CVE Details /a /p hr h4 Affected Products /h4 h5 Siemens RUGGEDCOM CROSSBOW Station Access Controller (SAC) /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br Siemens /div div class="ics-version" strong Product Version: /strong br RUGGEDCOM CROSSBOW Station Access Controller (SAC) /div div class="ics-status" strong Product Status: /strong br known_affected /div /div div class="ics-remediations" h6 Remediations /h6 p strong Vendor fix /strong br Update to V5.8 or later version br a href="https://support.industry.siemens.com/cs/ww/en/view/110000841/" https://support.industry.siemens.com/cs/ww/en/view/110000841/ /a /p /div p strong Relevant CWE: /strong a href="https://cwe.mitre.org/data/definitions/197.html" CWE-197 Numeric Truncation Error /a /p hr h4 Metrics /h4 div class="csaf-table csaf-metrics-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS Version /th th role="columnheader" Base Sc
p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-09.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong SINEC NMS before V4.0 SP3 contains an Authorization Bypass vulnerability that could allow an attacker to bypass authorization checks, leading to the ability to reset the password of any arbitrary user account. Siemens has released a new version for SINEC NMS and recommends to update to the latest version. /strong /p p The following versions of Siemens SINEC NMS are affected: /p ul li SINEC NMS /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 8.8 /td td Siemens /td td Siemens SINEC NMS /td td Authorization Bypass Through User-Controlled Key /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Critical Manufacturing /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong Germany /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2026-25654 /a /h3 div class="csaf-accordion-content" p Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the ability to reset the password of any arbitrary user account. /p p a href="https://www.cve.org/CVERecord?id=CVE-2026-25654" View CVE Details /a /p hr h4 Affected Products /h4 h5 Siemens SINEC NMS /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br Siemens /div div class="ics-version" strong Product Version: /strong br SINEC NMS /div div class="ics-status" strong Product Status: /strong br known_affected /div /div div class="ics-remediations" h6 Remediations /h6 p strong Mitigation /strong br Limit network access to trusted users and systems only /p p strong Vendor fix /strong br Update to V4.0 SP3 or later version br a href="https://support.industry.siemens.com/cs/ww/en/view/110000760/" https://support.industry.siemens.com/cs/ww/en/view/110000760/ /a /p /div p strong Relevant CWE: /strong a href="https://cwe.mitre.org/data/definitions/639.html" CWE-639 Authorization Bypass Through User-Controlled Key /a /p hr h4 Metrics /h4 div class="csaf-table csaf-metrics-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS Version /th th role="columnheader" Base Score /th th role="columnheader" Base Severity /th th role="columnheader" Vector String /th /tr /
The cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI-generated exploits. However, the most reliable entry point for attackers still hasn't changed: stolen credentials. Identity-based attacks remain a dominant initial access vector in breaches today. Attackers obtain valid credentials through credential stuffing
Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-severity code injection vulnerability. [...]
Cloud app developer Vercel appears to have suffered a security breach
There have been reports of threat actors using a .wav file as a vector for malware . It's a proper .wav file, but they didn't use staganography. The .wav file will play, but you'll just hear noise: That's because the TAs have just replaced the bytes that encode the sound with the BASE64 representation of their payload: Thus I don't need a .wav parser to extract the encoded payload, I can just use my base64dump.py tool: The BASE64-decoded payload is an XOR-encoded PE file. So I don't need to make a custom decoder, I can just perform a known-plaintext attack looking for the DOS header with my xor-kpa.py tool: The XOR key was found. Thus we can easily dump the decoded PE file and see the MZ header at position 0x08 and a bit further down the DOS header we used in the known-plaintext-attack: And my tool pecheck.py can extract an analyse the sample : Didier Stevens Senior handler blog.DidierStevens.com (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, citing evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2023-27351 (CVSS score: 8.2) - An improper authentication vulnerability in PaperCut
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
A set of 26 malicious apps on Apple App Store impersonate popular wallets, such as Metamask, Coinbase, Trust Wallet, and OneKey, to steal recovery or seed phrases and drain them of cryptocurrency assets. [...]
A critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems. The vulnerability, tracked as CVE-2026-5760, carries a CVSS score of 9.8 out of 10.0. It has been described as a case of command injection leading to the execution of arbitrary code. SGLang is a high-performance, open-source serving
Microsoft is warning of threat actors increasingly abusing external Microsoft Teams collaboration and relying on legitimate tools for access and lateral movement on enterprise networks. [...]
Backups protect data, but don't keep your business running during downtime. Datto shows why BCDR is essential to keep operations running during ransomware and outages. [...]
Microsoft is rolling out multiple File Explorer changes to Windows 11 users in the Insider program, including improvements to launch speed and performance. [...]