Productcert
The latest Productcert coverage — news, analysis, and updates from the WindowsNews.AI desk.
CVE-2025-33023: No Patch for Siemens ROX II Upload Flaw Threatening Critical Manufacturing Networks
Siemens RUGGEDCOM ROX II industrial networking devices — deployed worldwide in critical manufacturing and energy sectors — carry a dangerous unrestricted file upload vulnerability that allows...
Siemens CROSSBOW SAC Emergency Patch: Critical SQLite Flaws Enable Remote Code Execution
Siemens has released emergency patches for its RUGGEDCOM CROSSBOW Station Access Controller (SAC) after security researchers uncovered multiple critical vulnerabilities in the SQLite database engine...
CVE-2024-8894: Siemens COMOS Vulnerability – Patch ODA Drawing Flaw Before It's Exploited
A critical memory corruption flaw in a widely used third-party graphics...
Siemens RTLS Backup Script Vulnerability Allows Full SYSTEM Takeover
A single flawed backup script in Siemens' industrial location tracking software can hand an attacker full SYSTEM-level control of the underlying Windows server. That is the sobering reality of...
Siemens SIPROTEC 4 Vulnerability Rated CVSS 8.7, No Fix Planned for Most Affected Relays
Siemens has disclosed a remotely exploitable denial-of-service vulnerability, tracked as CVE-2024-52504, that affects a wide array of SIPROTEC 4 and SIPROTEC 4 Compact protection relays—and the...
Patch Now: Siemens BFCClient OpenSSL Flaws Leave Industrial Systems Exposed to Remote Attacks
Siemens has issued an urgent security advisory for its Brownfield Connectivity Client (BFCClient), a critical piece of software that bridges legacy industrial machinery to modern IT systems, after...
CVE-2025-40584: Siemens SIMOTION and SINAMICS Tools Vulnerable to XXE File Disclosure, Some Left Unpatched
Siemens has acknowledged a critical XML External Entity (XXE) vulnerability—tracked as CVE-2025-40584—affecting multiple versions of its SIMOTION SCOUT, SIMOTION SCOUT TIA, and SINAMICS STARTER...
Siemens Patches Critical Remote Exploits in SINEC Management Suite and Embedded OS, Urging Immediate ICS Updates
Siemens has delivered patches for a cascade of high-severity vulnerabilities across its SINEC network management system and embedded operating system, fixing flaws that could allow attackers to...
Siemens SINEC OS Advisory Exposes Over 100 Third-Party Kernel Flaws, Shifts Patch Burden to ProductCERT
Siemens has released a sprawling security advisory covering third-party components inside its SINEC operating system, cataloguing more than a hundred Linux kernel and userland vulnerabilities that...
Siemens Urges Immediate Patch for SIMATIC RTLS Locating Manager as Two New Flaws Threaten Industrial Operations
Siemens has released an urgent security advisory detailing two newly tracked vulnerabilities in its SIMATIC RTLS Locating Manager, the Windows-based server component that processes ultra-wideband tag...
Siemens Flags CVSS 8.5 DLL Hijacking in Web Installer, Urges Immediate Mitigation for ICS Products
Siemens has confirmed a severe vulnerability in its Web Installer used by the Online Software Delivery (OSD) mechanism, allowing attackers to hijack the installation process and execute arbitrary...
Siemens SINEC Traffic Analyzer Flaws: Container Escapes, XSS Expose OT Networks
A cascade of five newly disclosed vulnerabilities in Siemens' SINEC Traffic Analyzer—a network monitoring tool deployed across utilities, manufacturing, and energy sectors—enables attackers to...