Security Alerts
The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.
Siemens RTLS Backup Script Vulnerability Allows Full SYSTEM Takeover
A single flawed backup script in Siemens' industrial location tracking software can hand an attacker full SYSTEM-level control of the underlying Windows server. That is the sobering reality of...
Siemens SIPROTEC 4 Vulnerability Rated CVSS 8.7, No Fix Planned for Most Affected Relays
Siemens has disclosed a remotely exploitable denial-of-service vulnerability, tracked as CVE-2024-52504, that affects a wide array of SIPROTEC 4 and SIPROTEC 4 Compact protection relays—and the...
Rockwell's FactoryTalk Linx Flaw Scores 9.0: Deploy v6.50 Patch Now to Block Token Bypass
A critical vulnerability in Rockwell Automation’s FactoryTalk Linx allows attackers to bypass FTSP token validation and manipulate industrial communication drivers simply by flipping a Node.js...
Patch Now: Siemens BFCClient OpenSSL Flaws Leave Industrial Systems Exposed to Remote Attacks
Siemens has issued an urgent security advisory for its Brownfield Connectivity Client (BFCClient), a critical piece of software that bridges legacy industrial machinery to modern IT systems, after...
CISA Flags 9.3 CVSS Score as Azure RTOS Bugs Expose Rockwell Micro800 PLCs to Remote Code Execution
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) republished an urgent advisory on August 14, 2025, warning that multiple high-severity vulnerabilities in Rockwell Automation's...
CVE-2025-40584: Siemens SIMOTION and SINAMICS Tools Vulnerable to XXE File Disclosure, Some Left Unpatched
Siemens has acknowledged a critical XML External Entity (XXE) vulnerability—tracked as CVE-2025-40584—affecting multiple versions of its SIMOTION SCOUT, SIMOTION SCOUT TIA, and SINAMICS STARTER...
Rockwell Studio 5000 Flaw CVE-2025-7971: Patch to v37.00.02 to Stop Environment Variable Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has reissued an urgent advisory for a high-severity vulnerability in Rockwell Automation’s Studio 5000 Logix Designer that lets...
Critical VNC Authentication Bypass in Siemens SINUMERIK CNC Systems—Patch Now, CISA Warns
Siemens has released emergency patches for a severe authentication bypass vulnerability in its SINUMERIK CNC platforms that could let an attacker on an adjacent network seize remote control of...
Rockwell Patch Plugs SYSTEM Takeover Hole in FactoryTalk ViewPoint via MSI Repair Hijack
A high-severity local privilege-escalation vulnerability in Rockwell Automation’s FactoryTalk ViewPoint HMI software can hand an attacker full SYSTEM control of a Windows machine by exploiting a...
Rockwell Patches Critical DoS Flaws in 1756-EN4TR Modules, Urges Immediate Firmware Update to 7.001
Rockwell Automation has released a firmware fix for a pair of vulnerabilities in its 1756-EN4TR and 1756-EN4TRXT communication modules that could allow an attacker to crash the devices, causing a...
Siemens Energy Meters Exposed: Cleartext SMTP Passwords Threaten Utility Networks
Siemens has confirmed that multiple models in its SICAM Q100 and Q200 power meter families store SMTP account passwords in plaintext, a design flaw that lets any authenticated local user extract...
Rockwell Automation Patches FactoryTalk Action Manager Vulnerability That Broadcasts API Tokens
Rockwell Automation has confirmed a high-severity information disclosure vulnerability in its FactoryTalk Action Manager software that broadcasts reusable API tokens over local WebSocket channels,...