CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-23403
https://notcve.org/view.php?id=CVE-2025-23403
11 Feb 2025 — A vulnerability has been identified in SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions). The affected device do not properly restrict the user permission for the registry key. This could allow an authenticated attacker to load vulnerable drivers into the system leading to privilege escalation or bypassing endpoint protection and other security measures. • https://cert-portal.siemens.com/productcert/html/ssa-369369.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-23363
https://notcve.org/view.php?id=CVE-2025-23363
11 Feb 2025 — A vulnerability has been identified in Teamcenter (All versions < V14.3.0.0). The SSO login service of affected applications accepts user-controlled input that could specify a link to an external site. This could allow an attacker to redirect the legitimate user to an attacker-chosen URL to steal valid session data. For a successful exploit, the legitimate user must actively click on an attacker-crafted link. A vulnerability has been identified in Teamcenter V14.1 (All versions), Teamcenter V14.2 (All versi... • https://cert-portal.siemens.com/productcert/html/ssa-656895.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-54090
https://notcve.org/view.php?id=CVE-2024-54090
11 Feb 2025 — A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Affected devices contain an out-of-bounds read in the memory dump function. This could allow an attacker with Medium (MED) or higher privileges to cause the device to enter an insecure cold start state. • https://cert-portal.siemens.com/productcert/html/ssa-615116.html • CWE-125: Out-of-bounds Read •
CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-54089
https://notcve.org/view.php?id=CVE-2024-54089
11 Feb 2025 — A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Affected devices contain a weak encryption mechanism based on a hard-coded key. This could allow an attacker to guess or decrypt the password from the cyphertext. • https://cert-portal.siemens.com/productcert/html/ssa-615116.html • CWE-326: Inadequate Encryption Strength •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54015
https://notcve.org/view.php?id=CVE-2024-54015
11 Feb 2025 — A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD89 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MU85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7KE85 (CP300) (All versions >= V8.80), SIPROTEC 5 7SA82 (CP150) (All versions < V9.90), SIPROTEC 5 7SA86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SA87 (CP300) (All versi... • https://cert-portal.siemens.com/productcert/html/ssa-767615.html • CWE-1392: Use of Default Credentials •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-53977
https://notcve.org/view.php?id=CVE-2024-53977
11 Feb 2025 — A vulnerability has been identified in ModelSim (All versions < V2025.1), Questa (All versions < V2025.1). An example setup script contained in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch the script from a user-writable directory. • https://cert-portal.siemens.com/productcert/html/ssa-637914.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.1EPSS: 0%CPEs: 61EXPL: 0CVE-2024-53651
https://notcve.org/view.php?id=CVE-2024-53651
11 Feb 2025 — A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MU85 (CP300) (All versions), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions), SIPROTEC 5 7SA86 (CP20... • https://cert-portal.siemens.com/productcert/html/ssa-111547.html • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.2EPSS: 0%CPEs: 28EXPL: 0CVE-2024-53648
https://notcve.org/view.php?id=CVE-2024-53648
11 Feb 2025 — A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.90), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.90), SIPROTEC 5 6MD89 (CP300) (All versions < V9.90), SIPROTEC 5 6MU85 (CP300) (All versions < V9.90), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150... • https://cert-portal.siemens.com/productcert/html/ssa-687955.html • CWE-489: Active Debug Code •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45386
https://notcve.org/view.php?id=CVE-2024-45386
11 Feb 2025 — A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SIMOCODE ES V19 (All versions < V19 Update 1), SIRIUS Safety ES V19 (TIA Portal) (All versions < V19 Update 1), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions < V19 Update 1), TIA Administrator (All versions < V3.0.4). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote ... • https://cert-portal.siemens.com/productcert/html/ssa-342348.html • CWE-613: Insufficient Session Expiration •
CVSS: 6.9EPSS: 0%CPEs: 4EXPL: 0CVE-2024-23814
https://notcve.org/view.php?id=CVE-2024-23814
11 Feb 2025 — A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V3.0.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V3.0.0), SCALA... • https://cert-portal.siemens.com/productcert/html/ssa-769027.html • CWE-400: Uncontrolled Resource Consumption •