Security Alerts
The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.
Rockwell FactoryTalk ViewPoint Flaw Lets Attackers Hijack MSI Repairs for SYSTEM Access
A critical privilege escalation vulnerability in Rockwell Automation’s FactoryTalk ViewPoint HMI thin-client software allows a low-privileged local attacker to gain SYSTEM-level control of...
CISA Flags 32 Critical Flaws in Siemens and Rockwell Gear—Some Require Physical Resets
Federal cybersecurity officials on August 14 published thirty-two advisories covering industrial control systems from Siemens, Rockwell Automation, and other vendors, warning that many of the...
Physical Access Exploit Can Crash Siemens SIPROTEC 5 Relays via USB: Patch and Mitigation Guide for CVE-2025-40570
An attacker with physical access to a Siemens SIPROTEC 5 protection relay can halt its network communications within seconds by flooding the USB port with specially crafted packets. The...
CVE-2025-33023: No Patch for Siemens ROX II Upload Flaw Threatening Critical Manufacturing Networks
Siemens RUGGEDCOM ROX II industrial networking devices — deployed worldwide in critical manufacturing and energy sectors — carry a dangerous unrestricted file upload vulnerability that allows...
Siemens CROSSBOW SAC Emergency Patch: Critical SQLite Flaws Enable Remote Code Execution
Siemens has released emergency patches for its RUGGEDCOM CROSSBOW Station Access Controller (SAC) after security researchers uncovered multiple critical vulnerabilities in the SQLite database engine...
Unpatched Flaw in Siemens SINEC Traffic Analyzer Puts OT Networks at Risk of Takeover
Siemens disclosed a cluster of seven high-severity vulnerabilities in its SINEC Traffic Analyzer, a PROFINET monitoring appliance, that together could allow attackers to crash the system, escalate...
CodeMeter 8.30a Fixes Privilege Escalation (CVE-2025-47809) Affecting Siemens Windows ICS
A newly disclosed local privilege escalation vulnerability in Wibu-Systems CodeMeter Runtime (CVE-2025-47809) enables unprivileged Windows users to gain SYSTEM-level access during the brief...
CVE-2024-8894: Siemens COMOS Vulnerability – Patch ODA Drawing Flaw Before It's Exploited
{ "title": "CVE-2024-8894: Siemens COMOS Vulnerability – Patch ODA Drawing Flaw Before It's Exploited", "content": "A critical memory corruption flaw in a widely used third-party graphics...
Siemens RTLS Backup Script Vulnerability Allows Full SYSTEM Takeover
A single flawed backup script in Siemens' industrial location tracking software can hand an attacker full SYSTEM-level control of the underlying Windows server. That is the sobering reality of...
Siemens SIPROTEC 4 Vulnerability Rated CVSS 8.7, No Fix Planned for Most Affected Relays
Siemens has disclosed a remotely exploitable denial-of-service vulnerability, tracked as CVE-2024-52504, that affects a wide array of SIPROTEC 4 and SIPROTEC 4 Compact protection relays—and the...
Rockwell's FactoryTalk Linx Flaw Scores 9.0: Deploy v6.50 Patch Now to Block Token Bypass
A critical vulnerability in Rockwell Automation’s FactoryTalk Linx allows attackers to bypass FTSP token validation and manipulate industrial communication drivers simply by flipping a Node.js...
Patch Now: Siemens BFCClient OpenSSL Flaws Leave Industrial Systems Exposed to Remote Attacks
Siemens has issued an urgent security advisory for its Brownfield Connectivity Client (BFCClient), a critical piece of software that bridges legacy industrial machinery to modern IT systems, after...