
CVE-2025-40758
https://notcve.org/view.php?id=CVE-2025-40758
14 Aug 2025 — A vulnerability has been identified in Mendix SAML (Mendix 10.12 compatible) (All versions < V4.0.3), Mendix SAML (Mendix 10.21 compatible) (All versions < V4.1.2), Mendix SAML (Mendix 9.24 compatible) (All versions < V3.6.21). Affected versions of the module insufficiently enforce signature validation and binding checks. This could allow unauthenticated remote attackers to hijack an account in specific SSO configurations. • https://cert-portal.siemens.com/productcert/html/ssa-395458.html • CWE-347: Improper Verification of Cryptographic Signature •

CVE-2025-40770
https://notcve.org/view.php?id=CVE-2025-40770
12 Aug 2025 — A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions). The affected application uses a monitoring interface that is not operating in a strictly passive mode. This could allow an attacker to interact with the interface, leading to man-in-the-middle attacks. • https://cert-portal.siemens.com/productcert/html/ssa-517338.html • CWE-300: Channel Accessible by Non-Endpoint •

CVE-2025-40769
https://notcve.org/view.php?id=CVE-2025-40769
12 Aug 2025 — A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application uses a Content Security Policy that allows unsafe script execution methods. This could allow an attacker to execute unauthorized scripts, potentially leading to cross-site scripting attacks. • https://cert-portal.siemens.com/productcert/html/ssa-517338.html • CWE-1164: Irrelevant Code •

CVE-2025-40768
https://notcve.org/view.php?id=CVE-2025-40768
12 Aug 2025 — A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application exposes an internal service port to be accessible from outside the system. This could allow an unauthorized attacker to access the application. • https://cert-portal.siemens.com/productcert/html/ssa-517338.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2025-40767
https://notcve.org/view.php?id=CVE-2025-40767
12 Aug 2025 — A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application runs docker containers without adequate security controls to enforce isolation. This could allow an attacker to gain elevated access, potentially accessing sensitive host system resources. • https://cert-portal.siemens.com/productcert/html/ssa-517338.html • CWE-250: Execution with Unnecessary Privileges •

CVE-2025-40766
https://notcve.org/view.php?id=CVE-2025-40766
12 Aug 2025 — A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application runs docker containers without adequate resource and security limitations. This could allow an attacker to perform a denial-of-service (DoS) attack. • https://cert-portal.siemens.com/productcert/html/ssa-517338.html • CWE-400: Uncontrolled Resource Consumption •

CVE-2025-40764
https://notcve.org/view.php?id=CVE-2025-40764
12 Aug 2025 — A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All versions < V2412.0002). The affected applications contain an out of bounds read vulnerability while parsing specially crafted BMP files. This could allow an attacker to execute code in the context of the current process. • https://cert-portal.siemens.com/productcert/html/ssa-674084.html • CWE-125: Out-of-bounds Read •

CVE-2025-40762
https://notcve.org/view.php?id=CVE-2025-40762
12 Aug 2025 — A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All versions < V2412.0002). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted STP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-26692) • https://cert-portal.siemens.com/productcert/html/ssa-674084.html • CWE-787: Out-of-bounds Write •

CVE-2025-40761
https://notcve.org/view.php?id=CVE-2025-40761
12 Aug 2025 — A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX RX1510 (All versions), RUGGEDCOM ROX RX1511 (All versions), RUGGEDCOM ROX RX1512 (All versions), RUGGEDCOM ROX RX1524 (All versions), RUGGEDCOM ROX RX1536 (All versions), RUGGEDCOM ROX RX5000 (All versions). Affected devices do not properly limit access through its Built-... • https://cert-portal.siemens.com/productcert/html/ssa-094954.html • CWE-288: Authentication Bypass Using an Alternate Path or Channel •

CVE-2025-40759
https://notcve.org/view.php?id=CVE-2025-40759
12 Aug 2025 — A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC STEP 7 V20 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMATIC WinCC V20 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOCODE ES V20 (All versions), S... • https://cert-portal.siemens.com/productcert/html/ssa-493396.html • CWE-502: Deserialization of Untrusted Data •