View CSAF
Summary
SIMATIC HMI Unified Comfort Panels before V21.0 are affected by a vulnerability that allows an unauthenticated attacker to access the web browser via the help link. This vulnerability allows an attacker to access the web browser through the Control Panel if it is not protected by t…
Summary
The SIPROTEC 5 devices do not use sufficiently random numbers to generate session identifiers. This could facilitate a brute-force attack against a valid session identifier which could allow an unauthenticated remote attacker to hijack a valid user session. The affected session ide…
Summary
Multiple industrial devices contain a vulnerability that could allow an attacker to cause a denial of service condition. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens is preparing further fix versions and re…
Summary
Ruggedcom Rox contains an improper access control vulnerability that could allow an authenticated remote attacker to read arbitrary files with root privileges from the underlying operating system's filesystem. Siemens has released new versions for the affected products and recommen…
Summary
The web server in SENTRON 7KT PAC1261 Data Manager before V2.1.0 contains a request smuggling vulnerability in the Go Project's net/http package that could allow an attacker to retrieve authorization tokens that can be used to gain administrative control over the device. Siemens ha…
Summary
Solid Edge SE2026 before Update 5 is affected by two file parsing vulnerabilities that could be triggered when the application reads specially crafted files in PAR format. This could allow an attacker to crash the application or execute arbitrary code. Siemens has released a new ve…
Summary
Siemens Teamcenter is affected by multiple vulnerabilities which could potentially lead to a compromise in availability, integrity and confidentiality. Siemens has released new versions for the affected products and recommends updating to the latest versions.
The following version…
Summary
Ruggedcom Rox contains an input validation vulnerability in the feature key installation process that could allow an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system. Siemens has released new versions for the affect…
Summary
ROS# contains a ROS service, file_server, which before version 2.2.2 contains a path traversal vulnerability that could allow an attacker to access (i.e. read and write) arbitrary files accessible with the user rights of the user that runs the service, on the system that …
Summary
Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and execute code.
The following versions of Universal Robots Polyscope 5 are affected:
Polyscope 5 <5.25.1
CVSS: v3 9.8
Vendor: Universal Robots
Equipment: Univ…
Vulnerabilities:
Summary
Simcenter Femap is affected by a heap-based buffer overflow vulnerability in the Datakit library that could be triggered when the application reads files in IPT format. If a user is tricked into opening a malicious file with the affected application, an attacker could leverage the vulnerabili…
Summary
Ruggedcom Rox before v2.17.1 contains multiple third-party vulnerabilities. Siemens has released new versions for the affected products and recommends updating to the latest versions.
The following versions of Siemens Ruggedcom Rox are affected:
RUGGEDCOM ROX MX5000 vers:intdot/<2…
Summary
Ruggedcom Rox contains an input validation vulnerability in the Scheduler functionality that could allow an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system. Siemens has released new versions for the affected produc…
Summary
SIMATIC CN 4100 contains multiple vulnerabilities which could potentially lead to a compromise in availability, integrity and confidentiality. Siemens has released a new version for SIMATIC CN 4100 and recommends updating to the latest version.
The following versions of Siemens SI…
Summary
Siemens gPROMS Web Applications Publisher (gWAP) is affected by a remote code execution vulnerability introduced through a third-party component, namely the Axios HTTP client library. The vulnerability stems from a specific "Gadget" attack chain that allows prototype pollution in o…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2026-9082 Drupal Core SQL Injection Vulnerability
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks t…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2025-34291 Langflow Origin Validation Error Vulnerability
CVE-2026-34926 Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability
These types of vul…
Summary
ABB became aware of a vulnerability in the product versions listed as affected in the advisory. An update is now available that addresses and remediates the vulnerability. A network attacker could exploit the vulnerabilities to execute remote code, initiate DoS attacks, conduct DNS c…
Summary
An update is available that resolves a vulnerability identified by B&R's internal security analysis in the product versions listed as affected in this advisory. An attacker who successfully exploited these vulnerabilities could take over a remote session or execute code in the conte…
Summary
ABB became aware of a vulnerability in the product versions listed as affected in the advisory. An update is available that replaces an outdated third-party component. Although no successful exploitation was observed during testing of the affected B&R products, the identified vulnera…
Summary
Hitachi Energy is aware of the vulnerability CVE-2022-4304 in the OSS component OpenSSL, which affects the GMS600 versions that are listed below. An attacker successfully exploiting this vulnerability could send trial messages to the server and record the time taken to process them…
Summary
ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could cause pollution of heap memory, potentially allowing remote control of the product and a write operation to the…
CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2008-4250 Microsoft Windows Buffer Overflow Vulnerability
CVE-2009-1537 Microsoft DirectX NULL Byte Overwrite Vulnerability
CVE-2009-3459 Adobe Acrobat and Re…
Summary
Successful exploitation of this vulnerability could result in information disclosure, including capture of camera account credentials.
The following versions of ZKTeco CCTV Cameras are affected:
SSC335-GC2063-Face-0b77 Solution
CVSS: v3 9.1…
Vendor:
Equipment:
Vulnerabilities:
Summary
Successful exploitation of these vulnerabilities could allow an attacker to perform unauthenticated remote code execution.
The following versions of ScadaBR are affected:
ScadaBR 1.2.0 (CVE-2026-8602, CVE-2026-8603, CVE-2026-8604, CVE-2026-8605)
CVSS
Vendor
Equipment
Vulnerab…
Summary
An update is available that resolves a vulnerability in the product versions listed as affected in this advisory. A path traversal vulnerability in these products can allow unauthenticated users to gain access to restricted directories. Exploiting this vulnerability can lead to compl…
Summary
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially c…
Summary
Successful exploitation of this vulnerability could allow an attacker to take control of the victim's browser.
The following versions of Kieback & Peter DDC Building Controllers are affected:
DDC4002 <=1.12.14 (CVE-2026-4293)
DDC4100 <=1.12.14 (CVE-2026-4293)
DDC4200 <=1.12.14 (CV…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2026-42897 Microsoft Exchange Server Cross-Site Scripting Vulnerability
This type of vulnerability is a frequent attack vector for malicious cyber actors and pos…