Cvss
The latest Cvss coverage — news, analysis, and updates from the WindowsNews.AI desk.
Siemens RTLS Backup Script Vulnerability Allows Full SYSTEM Takeover
A single flawed backup script in Siemens' industrial location tracking software can hand an attacker full SYSTEM-level control of the underlying Windows server. That is the sobering reality of...
Siemens Energy Meters Exposed: Cleartext SMTP Passwords Threaten Utility Networks
Siemens has confirmed that multiple models in its SICAM Q100 and Q200 power meter families store SMTP account passwords in plaintext, a design flaw that lets any authenticated local user extract...
Siemens Flags CVSS 8.5 DLL Hijacking in Web Installer, Urges Immediate Mitigation for ICS Products
Siemens has confirmed a severe vulnerability in its Web Installer used by the Online Software Delivery (OSD) mechanism, allowing attackers to hijack the installation process and execute arbitrary...
Siemens RUGGEDCOM ROX II BIST Flaw Gives Physical Attackers Root Shell
Siemens has disclosed a high-severity authentication bypass vulnerability in its RUGGEDCOM ROX II industrial networking devices that allows an attacker with physical access to the serial console to...
Microsoft Fixes Hyper-V Sync Bug (CVE-2025-47999) That Allows Adjacent Attackers to Crash Virtual Hosts
Microsoft has released a security update for a denial-of-service vulnerability in Windows Hyper‑V, cataloged as CVE‑2025‑47999, that lets an attacker on an adjacent network crash virtualisation...
Critical 8.4 CVSS Flaws in Ashlar-Vellum Cobalt/Xenon/Argon Allow Code Execution via Malicious CAD Files
A CISA advisory published this week warns that multiple Ashlar‑Vellum professional CAD and 3D modeling applications harbor memory‑corruption vulnerabilities carrying a CVSS v4 base score of 8.4....
Sante PACS Server Flaws Chain Path Traversal, Double-Free, XSS—Patch Urged as Advisories Clash
Security researchers have disclosed a quartet of vulnerabilities in Sante PACS Server, a medical imaging platform deployed across clinics and hospitals, that combine to create a near-critical risk of...
Critical Remote Access Vulnerability in Güralp FMUS Seismic Monitoring Devices: Risks, Mitigations, and Industry Lessons
Industrial control systems (ICS) security has become a linchpin issue for organizations safeguarding critical infrastructure—ranging from power grids to seismic monitoring networks. Each disclosure...
Festo Industrial Control Vulnerabilities: Critical Risks and How to Secure Your Systems
Festo's industrial control systems, deployed in critical manufacturing environments worldwide, have come under intense cybersecurity scrutiny following the discovery of multiple high-severity...
Bitwarden PDF XSS Flaw (CVE-2025-5138) Exposes Passwords: Users Urged to Patch Immediately
A critical cross-site scripting vulnerability in Bitwarden’s PDF file handling can allow attackers to hijack user vaults by simply uploading a malicious document. Tracked as CVE-2025-5138, the flaw...
Critical SSH Vulnerability in Schneider Electric UPS Devices Threatens Global Infrastructure
In the shadowed recesses of industrial control systems, a silent sentinel has turned vulnerable: Schneider Electric's uninterruptible power supply (UPS) devices, foundational to global energy...
Critical Siemens Siveillance Video Vulnerability (CVE-2025-1688) Exposes Security Cameras to Attack
Imagine a scenario where an attacker gains complete administrative control over the security cameras protecting a power plant, a hospital, or a transportation hub—not through sophisticated zero-day...