Siemens Products using OpenSSL


<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-174-03.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>OpenSSL has published a stack-based buffer overflow vulnerability that allows a remote attacker to cause a denial of service (DoS) or potentially allow remote code execution. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet, available.</strong></p> <p>The following versions of Siemens Products using OpenSSL are affected:</p> <ul> <li>AI Lightweight Inference Server vers:all/* (CVE-2025-15467)</li> <li>Connector for Azure vers:intdot/&lt;1.8.0 (CVE-2025-15467)</li> <li>Databus vers:intdot/&lt;3.3.2 (CVE-2025-15467)</li> <li>HiMed Cockpit vers:all/* (CVE-2025-15467)</li> <li>RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) vers:all/* (CVE-2025-15467)</li> <li>RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE LPE9403 (6GK5998-3GS00-2AC2) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE LPE9413 (6GK5998-3GS01-2AC2) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE LPE9433 (6GK5998-3GS11-2AC2) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE M804PB (6GK5804-0AP00-2AA2) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE M812-1 ADSL-Router family vers:all/* (CVE-2025-15467)</li> <li>SCALANCE M816-1 ADSL-Router family vers:all/* (CVE-2025-15467)</li> <li>SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE M874-2 (6GK5874-2AA00-2AA2) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE M874-3 (6GK5874-3AA00-2AA2) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE M876-3 (6GK5876-3AA02-2BA2) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) 
vers:all/* (CVE-2025-15467)</li> <li>SCALANCE M876-4 (6GK5876-4AA10-2BA2) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE MUB852-1 (A1) (6GK5852-1EA10-1AA1) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE MUB852-1 (B1) (6GK5852-1EA10-1BA1) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE SC622-2C (6GK5622-2GS00-2AC2) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE SC626-2C (6GK5626-2GS00-2AC2) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE SC632-2C (6GK5632-2GS00-2AC2) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE SC636-2C (6GK5636-2GS00-2AC2) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE SC642-2C (6GK5642-2GS00-2AC2) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE SC646-2C (6GK5646-2GS00-2AC2) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) vers:all/* 
(CVE-2025-15467)</li> <li>SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE XC316-8 (6GK5324-8TS00-2AC2) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE XC324-4 (6GK5328-4TS00-2AC2) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE XC332 (6GK5332-0GA00-2AC2) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE XC416-8 (6GK5424-8TR00-2AC2) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE XC424-4 (6GK5428-4TR00-2AC2) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE XC432 (6GK5432-0GR00-2AC2) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE XR302-32 (6GK5334-5TS00-2AR3) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE XR302-32 (6GK5334-5TS00-3AR3) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE XR302-32 (6GK5334-5TS00-4AR3) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE XR322-12 
(6GK5334-3TS00-2AR3) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE XR322-12 (6GK5334-3TS00-3AR3) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE XR322-12 (6GK5334-3TS00-4AR3) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE XR326-8 (6GK5334-2TS00-2AR3) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE XR326-8 (6GK5334-2TS00-3AR3) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE XR326-8 (6GK5334-2TS00-4AR3) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE XR502-32 (6GK5534-5TR00-2AR3) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE XR502-32 (6GK5534-5TR00-3AR3) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE XR502-32 (6GK5534-5TR00-4AR3) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE XR522-12 (6GK5534-3TR00-2AR3) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE XR522-12 (6GK5534-3TR00-3AR3) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE XR522-12 (6GK5534-3TR00-4AR3) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE XR524-8WG (6GK5532-2SR00-2AR3) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE XR524-8WG (6GK5532-2SR00-2RR3) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE XR524-8WG (6GK5532-2SR00-3AR3) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE XR524-8WG (6GK5532-2SR00-3RR3) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE XR526-8 (6GK5534-2TR00-2AR3) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE XR526-8 (6GK5534-2TR00-3AR3) vers:all/* (CVE-2025-15467)</li> <li>SCALANCE XR526-8 (6GK5534-2TR00-4AR3) vers:all/* (CVE-2025-15467)</li> <li>Shopfloor IT Suite vers:all/* (CVE-2025-15467)</li> <li>SIDIS Prime vers:intdot/&gt;=4.0.700 (CVE-2025-15467)</li> <li>Siemens OPC UA Modelling Editor (SiOME) vers:all/* (CVE-2025-15467)</li> <li>SIMATIC Comfort/Mobile RT vers:all/* (CVE-2025-15467)</li> <li>SIMATIC eaSie Core Package (6DL5424-0AX00-0AV8) vers:all/* (CVE-2025-15467)</li> <li>SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8) vers:all/* (CVE-2025-15467)</li> <li>SIMATIC HMI Basic Panels vers:intdot/&lt;17.0.9 
(CVE-2025-15467)</li> <li>SIMATIC HMI Comfort Panels vers:intdot/&lt;17.0.9 (CVE-2025-15467)</li> <li>SIMATIC HMI Mobile Panels vers:intdot/&lt;17.0.9 (CVE-2025-15467)</li> <li>SIMATIC IOT2050 (6ES7647-0BA00-1YA2) vers:all/* (CVE-2025-15467)</li> <li>SIMATIC IPC BX-21A vers:all/* (CVE-2025-15467)</li> <li>SIMATIC IPC MD-57A vers:all/* (CVE-2025-15467)</li> <li>SIMATIC IPC ORCLA vers:all/* (CVE-2025-15467)</li> <li>SIMATIC PDM V9.3 vers:all/* (CVE-2025-15467)</li> <li>SIMATIC RTLS Locating Manager (6GT2780-0DA00) vers:all/* (CVE-2025-15467)</li> <li>SIMATIC RTLS Locating Manager (6GT2780-0DA10) vers:all/* (CVE-2025-15467)</li> <li>SIMATIC RTLS Locating Manager (6GT2780-0DA20) vers:all/* (CVE-2025-15467)</li> <li>SIMATIC RTLS Locating Manager (6GT2780-0DA30) vers:all/* (CVE-2025-15467)</li> <li>SIMATIC RTLS Locating Manager (6GT2780-1EA10) vers:all/* (CVE-2025-15467)</li> <li>SIMATIC RTLS Locating Manager (6GT2780-1EA20) vers:all/* (CVE-2025-15467)</li> <li>SIMATIC RTLS Locating Manager (6GT2780-1EA30) vers:all/* (CVE-2025-15467)</li> <li>SIMATIC STEP 7 V5 vers:intdot/&lt;5.7.4 (CVE-2025-15467)</li> <li>SIMATIC Target vers:all/* (CVE-2025-15467)</li> <li>SIMATIC WinCC OA V3.19 vers:intdot/&lt;3.19.024 (CVE-2025-15467)</li> <li>SIMATIC WinCC OA V3.20 vers:intdot/&lt;3.20.012 (CVE-2025-15467)</li> <li>SIMATIC WinCC OA V3.21 vers:intdot/&lt;3.21.02 (CVE-2025-15467)</li> <li>SIMATIC WinCC Runtime Advanced V17 vers:intdot/&lt;17.0.9 (CVE-2025-15467)</li> <li>SIMATIC WinCC Unified Sequence vers:intdot/&lt;21 (CVE-2025-15467)</li> <li>SIMATIC WinCC V7.5 vers:all/* (CVE-2025-15467)</li> <li>SIMATIC WinCC V8.0 vers:all/* (CVE-2025-15467)</li> <li>SIMATIC WinCC V8.1 vers:all/* (CVE-2025-15467)</li> <li>SIMOTION OACAMGEN (6AU1820-3EA20-0AB0) vers:all/* (CVE-2025-15467)</li> <li>SIMOVE Fleetmanager V3.1 vers:all/* (CVE-2025-15467)</li> <li>SIMOVE Fleetmanager V3.2 vers:all/* (CVE-2025-15467)</li> <li>SIMOVE Fleetmanager V3.3 vers:all/* (CVE-2025-15467)</li> <li>SINAMICS G200 
vers:intdot/&gt;=6.3 (CVE-2025-15467)</li> <li>SINAMICS G220 vers:intdot/&gt;=6.3 (CVE-2025-15467)</li> <li>SINAMICS S200 vers:intdot/&gt;=6.3 (CVE-2025-15467)</li> <li>SINAMICS S210 vers:intdot/&gt;=6.3 (CVE-2025-15467)</li> <li>SINAMICS S220 vers:intdot/&gt;=6.3 (CVE-2025-15467)</li> <li>SINEC INS vers:intdot/&lt;1.0.2.5 (CVE-2025-15467)</li> <li>SINEC NMS vers:all/* (CVE-2025-15467)</li> <li>SINEC Security Monitor vers:all/* (CVE-2025-15467)</li> <li>SINUMERIK Access MyMachine /OPC UA vers:all/* (CVE-2025-15467)</li> <li>SIPLANT vers:all/* (CVE-2025-15467)</li> <li>SITRANS ASM IQ vers:all/* (CVE-2025-15467)</li> <li>SITRANS Soft Sensor Engine IQ (SITRANS SSE IQ) vers:all/* (CVE-2025-15467)</li> <li>User Management Component (UMC) vers:intdot/&lt;2.15.3.0 (CVE-2025-15467)</li> <li>Visual Inspection Cockpit vers:all/* (CVE-2025-15467)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack"> <thead> <tr> <th>CVSS</th> <th>Vendor</th> <th>Equipment</th> <th>Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 9.8</td> <td>Siemens</td> <td>Siemens Products using OpenSSL</td> <td>Out-of-bounds Write</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing, Transportation Systems, Energy, Healthcare and Public Health, Financial Services, Government Services and Facilities</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Germany</li> </ul> <hr /> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="https://www.cisa.gov/">CVE-2025-15467</a></h3> <div class="csaf-accordion-content"> <p>Issue summary: Parsing a CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. 
Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. 
OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2025-15467">View CVE Details</a></p> <hr /> <h4>Affected Products</h4> <h5>Siemens Products using OpenSSL</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br />Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br />AI Lightweight Inference Server, Connector for Azure, Databus, HiMed Cockpit, RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2), SCALANCE LPE9403 (6GK5998-3GS00-2AC2), SCALANCE LPE9413 (6GK5998-3GS01-2AC2), SCALANCE LPE9433 (6GK5998-3GS11-2AC2), SCALANCE M804PB (6GK5804-0AP00-2AA2), SCALANCE M812-1 ADSL-Router family, SCALANCE M816-1 ADSL-Router family, SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2), SCALANCE M874-2 (6GK5874-2AA00-2AA2), SCALANCE M874-3 (6GK5874-3AA00-2AA2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2), SCALANCE M876-3 (6GK5876-3AA02-2BA2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2), SCALANCE M876-4 (6GK5876-4AA10-2BA2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2), SCALANCE MUB852-1 (A1) (6GK5852-1EA10-1AA1), SCALANCE MUB852-1 (B1) (6GK5852-1EA10-1BA1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2), SCALANCE SC622-2C (6GK5622-2GS00-2AC2), SCALANCE SC626-2C (6GK5626-2GS00-2AC2), SCALANCE SC632-2C (6GK5632-2GS00-2AC2), SCALANCE SC636-2C (6GK5636-2GS00-2AC2), SCALANCE SC642-2C (6GK5642-2GS00-2AC2), SCALANCE SC646-2C (6GK5646-2GS00-2AC2), SCALANCE WAB762-1 
(6GK5762-1AJ00-6AA0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0), SCALANCE XC316-8 (6GK5324-8TS00-2AC2), SCALANCE XC324-4 (6GK5328-4TS00-2AC2), SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2), SCALANCE XC332 (6GK5332-0GA00-2AC2), SCALANCE XC416-8 (6GK5424-8TR00-2AC2), SCALANCE XC424-4 (6GK5428-4TR00-2AC2), SCALANCE XC432 (6GK5432-0GR00-2AC2), SCALANCE XR302-32 (6GK5334-5TS00-2AR3), SCALANCE XR302-32 (6GK5334-5TS00-3AR3), SCALANCE XR302-32 (6GK5334-5TS00-4AR3), SCALANCE XR322-12 (6GK5334-3TS00-2AR3), SCALANCE XR322-12 (6GK5334-3TS00-3AR3), SCALANCE XR322-12 (6GK5334-3TS00-4AR3), SCALANCE XR326-8 (6GK5334-2TS00-2AR3), SCALANCE XR326-8 (6GK5334-2TS00-3AR3), SCALANCE XR326-8 (6GK5334-2TS00-4AR3), SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3), SCALANCE XR502-32 (6GK5534-5TR00-2AR3), SCALANCE XR502-32 (6GK5534-5TR00-3AR3), SCALANCE XR502-32 (6GK5534-5TR00-4AR3), SCALANCE XR522-12 (6GK5534-3TR00-2AR3), SCALANCE XR522-12 (6GK5534-3TR00-3AR3), SCALANCE XR522-12 (6GK5534-3TR00-4AR3), SCALANCE XR524-8WG (6GK5532-2SR00-2AR3), SCALANCE XR524-8WG (6GK5532-2SR00-2RR3), SCALANCE XR524-8WG (6GK5532-2SR00-3AR3), SCALANCE XR524-8WG (6GK5532-2SR00-3RR3), SCALANCE XR526-8 (6GK5534-2TR00-2AR3), SCALANCE XR526-8 (6GK5534-2TR00-3AR3), SCALANCE XR526-8 
(6GK5534-2TR00-4AR3), Shopfloor IT Suite, SIDIS Prime, Siemens OPC UA Modelling Editor (SiOME), SIMATIC Comfort/Mobile RT, SIMATIC eaSie Core Package (6DL5424-0AX00-0AV8), SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8), SIMATIC HMI Basic Panels, SIMATIC HMI Comfort Panels, SIMATIC HMI Mobile Panels, SIMATIC IOT2050 (6ES7647-0BA00-1YA2), SIMATIC IPC BX-21A, SIMATIC IPC MD-57A, SIMATIC IPC ORCLA, SIMATIC PDM V9.3, SIMATIC RTLS Locating Manager (6GT2780-0DA00), SIMATIC RTLS Locating Manager (6GT2780-0DA10), SIMATIC RTLS Locating Manager (6GT2780-0DA20), SIMATIC RTLS Locating Manager (6GT2780-0DA30), SIMATIC RTLS Locating Manager (6GT2780-1EA10), SIMATIC RTLS Locating Manager (6GT2780-1EA20), SIMATIC RTLS Locating Manager (6GT2780-1EA30), SIMATIC STEP 7 V5, SIMATIC Target, SIMATIC WinCC OA V3.19, SIMATIC WinCC OA V3.20, SIMATIC WinCC OA V3.21, SIMATIC WinCC Runtime Advanced V17, SIMATIC WinCC Unified Sequence, SIMATIC WinCC V7.5, SIMATIC WinCC V8.0, SIMATIC WinCC V8.1, SIMOTION OACAMGEN (6AU1820-3EA20-0AB0), SIMOVE Fleetmanager V3.1, SIMOVE Fleetmanager V3.2, SIMOVE Fleetmanager V3.3, SINAMICS G200, SINAMICS G220, SINAMICS S200, SINAMICS S210, SINAMICS S220, SINEC INS, SINEC NMS, SINEC Security Monitor, SINUMERIK Access MyMachine /OPC UA, SIPLANT, SITRANS ASM IQ, SITRANS Soft Sensor Engine IQ (SITRANS SSE IQ), User Management Component (UMC), Visual Inspection Cockpit</div> <div class="ics-status"><strong>Product Status:</strong><br />known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br />As a defense-in-depth measure, organizations may review whether affected systems are exposed to untrusted CMS/PKCS#7 content from external sources.</p> <p><strong>Mitigation</strong><br />Do not accept files from untrusted and unvalidated sources in the affected applications</p> <p><strong>Mitigation</strong><br />Restrict the port at the host with the DeviceConnectionProxy to secure destinations</p> 
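<p>As an added illustration (not OpenSSL's or Siemens' code), the C below parses the RFC 5084 GCMParameters structure that carries the AEAD nonce referred to in the issue summary above, and shows the bound that turns an oversized nonce into a rejection instead of a stack write, the kind of check a reviewer of CMS-handling code would look for. The DER reader, MAX_IV_LEN and the sample inputs are assumptions constructed for the example.</p>

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Same bound OpenSSL uses for its fixed IV buffers (EVP_MAX_IV_LENGTH). */
#define MAX_IV_LEN 16

/* Minimal DER TLV reader: checks the tag, decodes a short-form or a two-byte-max
 * long-form length, and refuses a length that runs past the buffer. 1 = ok, 0 = error. */
static int der_read_tlv(const uint8_t *p, size_t n, uint8_t tag,
                        const uint8_t **val, size_t *len)
{
    size_t i = 1, l = 0;
    if (n < 2 || p[0] != tag)
        return 0;
    if (p[i] < 0x80) {                 /* short form: one length byte */
        l = p[i++];
    } else {                           /* long form: 0x81 or 0x82 */
        size_t nb = p[i++] & 0x7f;
        if (nb == 0 || nb > 2 || nb > n - i)
            return 0;
        for (size_t k = 0; k < nb; k++)
            l = (l << 8) | p[i + k];
        i += nb;
        if (l < 0x80)                  /* non-minimal length: not DER */
            return 0;
    }
    if (l > n - i)                     /* declared length exceeds input */
        return 0;
    *val = p + i;
    *len = l;
    return 1;
}

/* GCMParameters ::= SEQUENCE { aes-nonce OCTET STRING,
 *                              aes-ICVlen INTEGER DEFAULT 12 }  (RFC 5084)
 * Copies aes-nonce into iv[] and returns its length, or -1 when the
 * encoding is malformed or the nonce would not fit the buffer. */
int gcm_params_copy_iv(const uint8_t *der, size_t der_len,
                       uint8_t iv[MAX_IV_LEN])
{
    const uint8_t *seq, *nonce;
    size_t seq_len, nonce_len;
    if (!der_read_tlv(der, der_len, 0x30, &seq, &seq_len))
        return -1;
    if (!der_read_tlv(seq, seq_len, 0x04, &nonce, &nonce_len))
        return -1;
    /* The defect class in the advisory is an unconditional
     * memcpy(iv, nonce, nonce_len): nonce_len comes from the message,
     * iv is a fixed stack array, and nothing is authenticated yet.
     * This bound turns the overflow into a clean rejection. */
    if (nonce_len == 0 || nonce_len > MAX_IV_LEN)
        return -1;
    memcpy(iv, nonce, nonce_len);
    return (int)nonce_len;
}

/* Constructed sample (not from a real message): 12-byte nonce, ICVlen 16. */
static const uint8_t SAMPLE_OK[] = {
    0x30, 0x11, 0x04, 0x0c, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05,
    0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x02, 0x01, 0x10
};

/* Returns 12 when the sample parses and the copied bytes match. */
int check_ok_sample(void)
{
    uint8_t iv[MAX_IV_LEN] = {0};
    int n = gcm_params_copy_iv(SAMPLE_OK, sizeof SAMPLE_OK, iv);
    for (int k = 0; n == 12 && k < 12; k++)
        if (iv[k] != (uint8_t)k)
            return -2;
    return n;
}

/* Constructed 64-byte nonce: well-formed DER, four times the buffer. */
int check_oversized_sample(void)
{
    uint8_t buf[68], iv[MAX_IV_LEN];
    buf[0] = 0x30; buf[1] = 0x42;      /* SEQUENCE, 66 content bytes */
    buf[2] = 0x04; buf[3] = 0x40;      /* OCTET STRING, 64 content bytes */
    memset(buf + 4, 0x41, 64);
    return gcm_params_copy_iv(buf, sizeof buf, iv);
}
```

The same shape of check applies to any parser that copies a message-supplied length into a fixed buffer before the tag is verified, which is why the advisory stresses that no valid key material is needed to reach the write.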
<p><strong>Mitigation</strong><br />Secure the connected email server as follows:</p> <ul> <li>Configure the email server to enforce encrypted communication (TLS/SSL) for all SMTP connections.</li> <li>Restrict access to the email server to trusted systems only (e.g., by using firewall rules or IP allowlists).</li> <li>Ensure strong authentication to access the email server.</li> <li>Keep the email server software and underlying operating system up to date with the latest security patches.</li> </ul> <p><strong>Mitigation</strong><br />The hardening instructions mentioned in the product's security concept should be followed</p> <p><strong>No fix planned</strong><br />Currently no fix is planned</p> <p><strong>None available</strong><br />Currently no fix is available</p> <p><strong>Vendor fix</strong><br />Update to V1.0 SP2 Update 5 or later version<br /><a href="https://support.industry.siemens.com/cs/ww/en/view/109999722/">https://support.industry.siemens.com/cs/ww/en/view/109999722/</a></p> <p><strong>Vendor fix</strong><br />Update to V1.8.0 or later version<br /><a href="https://docs.eu1.edge.siemens.cloud/release_notes/scope_of_delivery/scope_of_delivery.html">https://docs.eu1.edge.siemens.cloud/release_notes/scope_of_delivery/scope_of_delivery.html</a></p> <p><strong>Vendor fix</strong><br />Update to V17 Update 9 or later version<br /><a href="https://support.industry.siemens.com/cs/ww/en/view/109800912/">https://support.industry.siemens.com/cs/ww/en/view/109800912/</a></p> <p><strong>Vendor fix</strong><br />Update to V17.9 or later 
version<br /><a href="https://support.industry.siemens.com/cs/ww/en/view/109825750/">https://support.industry.siemens.com/cs/ww/en/view/109825750/</a></p> <p><strong>Vendor fix</strong><br />Update to V17 Update 9 or later version<br /><a href="https://support.industry.siemens.com/cs/ww/en/view/109825750/">https://support.industry.siemens.com/cs/ww/en/view/109825750/</a></p> <p><strong>Vendor fix</strong><br />Update to V2.15.3.0 or later version<br /><a href="https://support.industry.siemens.com/cs/ww/en/view/110000730/">https://support.industry.siemens.com/cs/ww/en/view/110000730/</a></p> <p><strong>Vendor fix</strong><br />Update to V21 or later version<br /><a href="https://support.industry.siemens.com/cs/ww/en/view/109996963/">https://support.industry.siemens.com/cs/ww/en/view/109996963/</a></p> <p><strong>Vendor fix</strong><br />Update to V3.19 P024 or later version<br /><a href="https://support.industry.siemens.com/cs/ww/en/view/110000400/">https://support.industry.siemens.com/cs/ww/en/view/110000400/</a></p> <p><strong>Vendor fix</strong><br />Update to V3.20 P012 or later version<br /><a href="https://support.industry.siemens.com/cs/ww/en/view/110000657/">https://support.industry.siemens.com/cs/ww/en/view/110000657/</a></p> <p><strong>Vendor fix</strong><br />Update to V3.21 P02 or later version<br /><a href="https://support.industry.siemens.com/cs/ww/en/view/110000985/">https://support.industry.siemens.com/cs/ww/en/view/110000985/</a></p> <p><strong>Vendor fix</strong><br />Update to V3.3.2 or later version<br /><a href="https://docs.eu1.edge.siemens.cloud/release_notes/scope_of_delivery/scope_of_delivery.html">https://docs.eu1.edge.siemens.cloud/release_notes/scope_of_delivery/scope_of_delivery.html</a></p> <p><strong>Vendor fix</strong><br />Update to V5.7 SP4 or later version<br /><a href="https://support.industry.siemens.com/cs/ww/en/view/109991080/">https://support.industry.siemens.com/cs/ww/en/view/109991080/</a></p> <p><strong>Vendor 
fix</strong><br />Contact customer support siplant-support.de@siemens.com</p> <p><strong>Vendor fix</strong><br />Contact customer support</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/787.html">CWE-787 Out-of-bounds Write</a></p> <hr /> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack"> <thead> <tr> <th>CVSS Version</th> <th>Base Score</th> <th>Base Severity</th> <th>Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>9.8</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr /> <h2>Acknowledgments</h2> <ul> <li>Siemens ProductCERT reported this vulnerability to CISA.</li> </ul> <hr /> <h2>General Recommendations</h2> <p>As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and following the recommendations in the product manuals. 
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity</p> <hr /> <h2>Additional Resources</h2> <p>For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories</p> <hr /> <h2>Terms of Use</h2> <p>The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.</p> <hr /> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr /> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.</p> <p>Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolate them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. 
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <hr /> <h2>Advisory Conversion Disclaimer</h2> <p>This ICSA is a verbatim republication of Siemens ProductCERT SSA-434797 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.</p> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-06-09</li> </ul> <table class="tablesaw tablesaw-stack"> <thead> <tr> <th>Date</th> <th>Revision</th> <th>Summary</th> </tr> </thead> <tbody> <tr> <td>2026-06-09</td> <td>1</td> <td>Publication Date</td> </tr> <tr> <td>2026-06-23</td> <td>2</td> <td>Initial CISA Republication of Siemens ProductCERT SSA-434797 advisory</td> </tr> </tbody> </table>
