Security Alerts
The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.
Urgent: Siemens RUGGEDCOM APE1808 Bugs Let Attackers Hijack Industrial Control Appliances
Siemens has disclosed two high-severity vulnerabilities in its RUGGEDCOM...
Siemens Admits No Fix Planned for Critical PLCSIM Vulnerability as TIA Portal Flaw Scores 8.5 CVSS
Siemens has disclosed a high-severity deserialization vulnerability in its TIA Portal engineering platform that carries a CVSS v4 score of 8.5, and in a troubling admission, says no fix is planned...
Siemens Patches Critical Simcenter Femap Bugs Allowing Code Execution from Malicious STP and BMP Files
Siemens has released urgent patches for two high-severity vulnerabilities in its Simcenter Femap engineering simulation software that could allow local attackers to execute arbitrary code by...
Siemens Engineering Software Hit by CVE-2024-54678: Local Code Execution Risk via IPC Flaw
Industrial control system operators are scrambling to assess their exposure after Siemens disclosed a critical deserialization flaw, tracked as CVE-2024-54678, that affects a broad range of its...
Rockwell FactoryTalk ViewPoint Flaw Lets Attackers Hijack MSI Repairs for SYSTEM Access
A critical privilege escalation vulnerability in Rockwell Automation’s FactoryTalk ViewPoint HMI thin-client software allows a low-privileged local attacker to gain SYSTEM-level control of...
CISA Flags 32 Critical Flaws in Siemens and Rockwell Gear—Some Require Physical Resets
Federal cybersecurity officials on August 14 published thirty-two advisories covering industrial control systems from Siemens, Rockwell Automation, and other vendors, warning that many of the...
Physical Access Exploit Can Crash Siemens SIPROTEC 5 Relays via USB: Patch and Mitigation Guide for CVE-2025-40570
An attacker with physical access to a Siemens SIPROTEC 5 protection relay can halt its network communications within seconds by flooding the USB port with specially crafted packets. The...
CVE-2025-33023: No Patch for Siemens ROX II Upload Flaw Threatening Critical Manufacturing Networks
Siemens RUGGEDCOM ROX II industrial networking devices — deployed worldwide in critical manufacturing and energy sectors — carry a dangerous unrestricted file upload vulnerability that allows...
Siemens CROSSBOW SAC Emergency Patch: Critical SQLite Flaws Enable Remote Code Execution
Siemens has released emergency patches for its RUGGEDCOM CROSSBOW Station Access Controller (SAC) after security researchers uncovered multiple critical vulnerabilities in the SQLite database engine...
Unpatched Flaw in Siemens SINEC Traffic Analyzer Puts OT Networks at Risk of Takeover
Siemens disclosed a cluster of seven high-severity vulnerabilities in its SINEC Traffic Analyzer, a PROFINET monitoring appliance, that together could allow attackers to crash the system, escalate...
CodeMeter 8.30a Fixes Privilege Escalation (CVE-2025-47809) Affecting Siemens Windows ICS
A newly disclosed local privilege escalation vulnerability in Wibu-Systems CodeMeter Runtime (CVE-2025-47809) enables unprivileged Windows users to gain SYSTEM-level access during the brief...
CVE-2024-8894: Siemens COMOS Vulnerability – Patch ODA Drawing Flaw Before It's Exploited
A critical memory corruption flaw in a widely used third-party graphics...