Siemens Product Security Update Advisory
Overview
We have released a security update to fix vulnerabilities in Siemens products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-23365
TIA Administrator Version: V3.0.6 and earlier
CVE-2025-40593
SIMATIC CN 4100 Version: below V4.0
CVE-2025-40735, CVE-2025-40736, CVE-2025-40737, CVE-2025-40738
SINEC NMS Version: below V4.0
CVE-2025-40739, CVE-2025-40740, CVE-2025-40741
Solid Edge SE2025 Version: V225.0 Update 5 or earlier
CVE-2025-41224
RUGGEDCOM ROS V4.X family Version: All Versions
RUGGEDCOM ROS V5.X family Version: V5.10.0 and earlier
Resolved Vulnerabilities
Privilege escalation and arbitrary code execution vulnerability due to overwriting cache files and changing download paths in TIA Administrator (CVE-2025-23365)
Denial of service vulnerability in SIMATIC CN 4100 due to storing arbitrary files in an SFTP folder (CVE-2025-40593)
SQL injection vulnerability in SINEC NMS (CVE-2025-40735)
Authentication bypass vulnerability in SINEC NMS (CVE-2025-40736)
Path traversal vulnerability when extracting ZIP files in SINEC NMS (CVE-2025-40737)
Path traversal vulnerability in ZIP file extraction in SINEC NMS (CVE-2025-40738)
Code execution vulnerability due to an out-of-bounds memory read in Solid Edge SE2025 (CVE-2025-40739)
Code execution vulnerability due to an out-of-bounds memory read in Solid Edge SE2025 (CVE-2025-40740)
Code execution vulnerability due to a stack-based buffer overflow in Solid Edge SE2025 (CVE-2025-40741)
SSH access persistence vulnerability due to lack of interface access control in RUGGEDCOM ROS (CVE-2025-41224)
Vulnerability Patches
Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the Referenced Sites to update to the latest patched version.
CVE-2025-23365
TIA Administrator Version: V3.0.6 and higher
CVE-2025-40593
SIMATIC CN 4100 Version: V4.0 or later
CVE-2025-40735, CVE-2025-40736, CVE-2025-40737, CVE-2025-40738
SINEC NMS Version: V4.0 or later
CVE-2025-40739, CVE-2025-40740, CVE-2025-40741
Solid Edge SE2025 Version: V225.0 Update 5 or later
CVE-2025-41224
RUGGEDCOM ROS V4.X family Version: No patch currently available
RUGGEDCOM ROS V5.X family Version: V5.10.0 or later
Referenced Sites
[1] SSA-573669: Multiple Vulnerabilities in TIA Administrator Before V3.0.6
https://cert-portal.siemens.com/productcert/html/ssa-573669.html
[2] SSA-626991: Denial of Service Vulnerability in SIMATIC CN 4100 before V4.0
https://cert-portal.siemens.com/productcert/html/ssa-626991.html
[3] SSA-078892: Multiple Vulnerabilities in SINEC NMS Before V4.0
https://cert-portal.siemens.com/productcert/html/ssa-078892.html
[4] SSA-091753: Multiple Vulnerabilities in Solid Edge Before SE2025 Update 5
https://cert-portal.siemens.com/productcert/html/ssa-091753.html
[5] SSA-083019: Multiple Vulnerabilities in RUGGEDCOM ROS Devices
https://cert-portal.siemens.com/productcert/html/ssa-083019.html