Productcert
The latest Productcert coverage — news, analysis, and updates from the WindowsNews.AI desk.
Critical Siemens UMC Stack Overflow Grants Unauthenticated RCE — Patch to V2.15.1.3 Immediately
Siemens dropped a high-severity ProductCERT advisory on September 9, 2025, warning that its User Management Component (UMC) harbors a remotely exploitable stack-based buffer overflow that lets...
Siemens RUGGEDCOM Flaws: Block UDP Ports for Instant Mitigation, CISA Says
Industrial operators using Siemens RUGGEDCOM RST2428P switches can immediately protect their networks from two newly disclosed vulnerabilities by implementing a straightforward firewall rule,...
Windows OT Security Alert: Siemens Flaw CVE-2025-40757 Leaks Device Databases Over BACnet
A newly disclosed vulnerability in Siemens APOGEE PXC and TALON TC building automation controllers allows unauthenticated attackers to pull encrypted database files directly over the BACnet protocol,...
Critical Siemens SIVaaS Bug Exposes Windows-Hosted Automation VMs to Remote Tampering Without Logins
A critical vulnerability in Siemens’ SIMATIC Virtualization as a Service (SIVaaS) has been assigned CVE-2025-40804, carrying a CVSS v3.1 base score of 9.1 and a CVSS v4 score of 9.3. The flaw—an...
Patch Gap: Siemens SINAMICS S200 Drives Left Vulnerable as CISA Issues Warning on CVE-2025-40594
Siemens has disclosed a privilege‑escalation vulnerability in its widely‑deployed SINAMICS drive family that allows an attacker with local network access to trigger factory resets and alter...
Mendix SAML Signature Bypass Allows Remote Account Hijacking; Siemens Urges Immediate Patches
Siemens on August 14, 2025, disclosed a critical vulnerability in its Mendix SAML module that could allow unauthenticated attackers to bypass cryptographic signature verification and hijack user...
Urgent: Siemens RUGGEDCOM APE1808 Bugs Let Attackers Hijack Industrial Control Appliances
Siemens has disclosed two high-severity vulnerabilities in its RUGGEDCOM...
Siemens Patches Critical Simcenter Femap Bugs Allowing Code Execution from Malicious STP and BMP Files
Siemens has released urgent patches for two high-severity vulnerabilities in its Simcenter Femap engineering simulation software that could allow local attackers to execute arbitrary code by...
Siemens Engineering Software Hit by CVE-2024-54678: Local Code Execution Risk via IPC Flaw
Industrial control system operators are scrambling to assess their exposure after Siemens disclosed a critical deserialization flaw, tracked as CVE-2024-54678, that affects a broad range of its...