CVSS: 8.5EPSS: 0%CPEs: 124EXPL: 0CVE-2025-30033
https://notcve.org/view.php?id=CVE-2025-30033
12 Aug 2025 — The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup component. • https://cert-portal.siemens.com/productcert/html/ssa-282044.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.6EPSS: 0%CPEs: 33EXPL: 0CVE-2024-54678
https://notcve.org/view.php?id=CVE-2024-54678
12 Aug 2025 — A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC STEP 7 V20 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMATIC WinCC V20 (All versions), SIMOCODE ES V17 (A... • https://cert-portal.siemens.com/productcert/html/ssa-693808.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-40566
https://notcve.org/view.php?id=CVE-2025-40566
13 May 2025 — A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout. • https://cert-portal.siemens.com/productcert/html/ssa-339086.html • CWE-613: Insufficient Session Expiration •
CVSS: 8.7EPSS: 0%CPEs: 7EXPL: 0CVE-2025-30176
https://notcve.org/view.php?id=CVE-2025-30176
13 May 2025 — A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1... • https://cert-portal.siemens.com/productcert/html/ssa-614723.html • CWE-125: Out-of-bounds Read •
CVSS: 8.7EPSS: 0%CPEs: 7EXPL: 0CVE-2025-30175
https://notcve.org/view.php?id=CVE-2025-30175
13 May 2025 — A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1... • https://cert-portal.siemens.com/productcert/html/ssa-614723.html • CWE-787: Out-of-bounds Write •
CVSS: 8.7EPSS: 0%CPEs: 7EXPL: 0CVE-2025-30174
https://notcve.org/view.php?id=CVE-2025-30174
13 May 2025 — A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1... • https://cert-portal.siemens.com/productcert/html/ssa-614723.html • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45386
https://notcve.org/view.php?id=CVE-2024-45386
11 Feb 2025 — A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SIMOCODE ES V19 (All versions < V19 Update 1), SIRIUS Safety ES V19 (TIA Portal) (All versions < V19 Update 1), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions < V19 Update 1), TIA Administrator (All versions < V3.0.4). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote ... • https://cert-portal.siemens.com/productcert/html/ssa-342348.html • CWE-613: Insufficient Session Expiration •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2024-49775
https://notcve.org/view.php?id=CVE-2024-49775
16 Dec 2024 — A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Intelligence (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All v... • https://cert-portal.siemens.com/productcert/html/ssa-928984.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2024-33698
https://notcve.org/view.php?id=CVE-2024-33698
10 Sep 2024 — A vulnerability has been identified in SIMATIC Information Server 2022 (All versions), SIMATIC Information Server 2024 (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions),... • https://cert-portal.siemens.com/productcert/html/ssa-039007.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2024-30321
https://notcve.org/view.php?id=CVE-2024-30321
09 Jul 2024 — A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 23), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly handle certain requests to their web application, which may lead to the leak of privileged information. This cou... • https://cert-portal.siemens.com/productcert/html/ssa-883918.html • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •