Siemens Product Family November 2025 Routine Security Update Advisory
Overview
Siemens (https://www.siemens.com) has released a security update that fixes vulnerabilities in its products. Users of affected products are advised to update to the latest version.
Affected Products
COMOS V10.4.5 and earlier versions
LOGO! 12/24RCE (6ED1052-1MD08-0BA2) all versions
LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) all versions
LOGO! 230RCE (6ED1052-1FB08-0BA2) all versions
LOGO! 230RCEo (6ED1052-2FB08-0BA2) all versions
LOGO! 24CE (6ED1052-1CC08-0BA2) all versions
LOGO! 24CEo (6ED1052-2CC08-0BA2) all versions
LOGO! 24RCE (6ED1052-1HB08-0BA2) all versions
LOGO! 24RCEo (6ED1052-2HB08-0BA2) all versions
SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2) all versions
SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2) all versions
SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) all versions
SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2) all versions
SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) all versions
SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2) all versions
SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2) all versions
SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2) all versions
Siemens Software Center V3.5 and earlier versions
Solid Edge SE2025 V225.0 Update 10 and earlier versions
Solid Edge SE2025 V225.0 Update 11 and earlier versions
Spectrum Power 4 V4.70 SP12 Update 2 and earlier versions
Resolved Vulnerabilities
Vulnerability in COMOS before V10.4.5 due to sensitive information being sent unencrypted (CVE-2024-0056, CVSS 8.7) [1]
Vulnerability in COMOS before V10.4.5 due to an incomplete list of disallowed input values (CVE-2023-45133, CVSS 9.3) [1]
Buffer overflow vulnerability due to insufficient validation of buffer boundary values in LOGO! 8 BM Devices (CVE-2025-40815, CVSS 7.2) [5]
Vulnerability in LOGO! 8 BM Devices due to missing authentication procedures for key functionality (CVE-2025-40816, CVSS 7.6) [5]
Vulnerability due to uncontrolled search path in Siemens Software Center and Solid Edge (CVE-2025-40827, CVSS 7.8) [3]
Vulnerability due to improper certificate validation in Solid Edge (CVE-2025-40744, CVSS 7.5) [2]
Privilege escalation vulnerability in Spectrum Power 4 before v4.70 SP12 Security Patch 2 due to improper use of an API that requires privileges (CVE-2024-32008, CVSS 7.8) [4]
Privilege escalation vulnerability in Spectrum Power 4 before v4.70 SP12 Security Patch 2 due to improperly granted privileges (CVE-2024-32009, CVSS 7.8) [4]
Vulnerability in Spectrum Power 4 before v4.70 SP12 Security Patch 2 due to incorrectly assigned permissions for critical resources (CVE-2024-32010, CVSS 7.8) [4]
Vulnerability in Spectrum Power 4 before v4.70 SP12 Security Patch 2 due to the inclusion of functionality from an untrusted control sphere (CVE-2024-32011, CVSS 8.8) [4]
Vulnerability Patches
The November 11, 2025 update provides the following patches or mitigations. For more information on each patch, see the reference documentation.
COMOS
Update to V10.4.5 and later versions
https://support.sw.siemens.com/product/222981661/
Solid Edge SE2025
Update to V225.0 Update 11 and later
https://support.sw.siemens.com/product/246738425/
Siemens Software Center
Update to V3.5 and later
https://www.sw.siemens.com/en-US/siemens-software-center/
Solid Edge SE2025
Update to V225.0 Update 10 and later
https://support.sw.siemens.com/product/246738425/
Spectrum Power 4
Update to V4.70 SP12 Update 2 and later
LOGO! 12/24RCE (6ED1052-1MD08-0BA2)
LOGO! 12/24RCEo (6ED1052-2MD08-0BA2)
LOGO! 230RCE (6ED1052-1FB08-0BA2)
LOGO! 230RCEo (6ED1052-2FB08-0BA2)
LOGO! 24CE (6ED1052-1CC08-0BA2)
LOGO! 24CEo (6ED1052-2CC08-0BA2)
LOGO! 24RCE (6ED1052-1HB08-0BA2)
LOGO! 24RCEo (6ED1052-2HB08-0BA2)
SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2)
SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2)
SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2)
SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2)
SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2)
SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2)
SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2)
SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2)
Referenced Sites
[1] SSA-682326 V1.0: Multiple Vulnerabilities in COMOS before V10.4.5
https://cert-portal.siemens.com/productcert/html/ssa-682326.html
[2] SSA-522291 V1.0: Improper Certificate Validation Vulnerability in Solid Edge
https://cert-portal.siemens.com/productcert/html/ssa-522291.html
[3] SSA-365596 V1.0: DLL Hijacking Vulnerability in Siemens Software Center and Solid Edge
https://cert-portal.siemens.com/productcert/html/ssa-365596.html
[4] SSA-339694 V1.0: Multiple Vulnerabilities in Spectrum Power 4 Before v4.70 SP12 Security Patch 2
https://cert-portal.siemens.com/productcert/html/ssa-339694.html
[5] SSA-267056 V1.0: Multiple Vulnerabilities in LOGO! 8 BM Devices
https://cert-portal.siemens.com/productcert/html/ssa-267056.html