Siemens Security Vulnerabilities (CVEs)
Track 539 security vulnerabilities affecting Siemens products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
An out-of-bounds read vulnerability in Simcenter Femap and Simcenter Nastran allows attackers to execute arbitrary code by tricking users into opening...
Feb 10, 2026

A vulnerability in SINEC NMS allows low-privileged users to modify configuration files, enabling DLL hijacking attacks. This could lead to arbitrary c...
Feb 10, 2026

A low-privileged user can modify configuration files in SINEC NMS User Management Component, allowing malicious DLL loading. This leads to arbitrary c...
Feb 10, 2026

An out-of-bounds write vulnerability in Simcenter Femap and Simcenter Nastran allows attackers to execute arbitrary code by tricking users into openin...
Feb 10, 2026

An out-of-bounds read vulnerability in Simcenter Femap and Simcenter Nastran allows attackers to execute arbitrary code by tricking users into opening...
Feb 10, 2026

An out-of-bounds read vulnerability in Simcenter Femap and Simcenter Nastran allows attackers to execute arbitrary code by tricking users into opening...
Feb 10, 2026

An out-of-bounds read vulnerability in Simcenter Femap and Simcenter Nastran allows attackers to execute arbitrary code by tricking users into opening...
Feb 10, 2026

A heap-based buffer overflow vulnerability in Simcenter Femap and Simcenter Nastran allows attackers to execute arbitrary code by tricking users into ...
Feb 10, 2026

A data validation vulnerability in NX software versions before V2512 allows local attackers to manipulate internal data during PDF export, potentially...
Feb 10, 2026

A local privilege escalation vulnerability in TeleControl Server Basic allows attackers with local access to execute arbitrary code with elevated priv...
Jan 13, 2026

This vulnerability in Simcenter Femap allows attackers to execute arbitrary code by tricking users into opening malicious SLDPRT files. All Simcenter ...
Dec 12, 2025

This vulnerability in SIMATIC CN 4100 allows authenticated attackers to execute arbitrary code with limited privileges due to improper input validatio...
Dec 9, 2025

This vulnerability in SIMATIC CN 4100 devices involves sensitive information being stored in firmware, allowing attackers to extract and misuse this d...
Dec 9, 2025

A vulnerability in SIMATIC CN 4100 devices allows attackers with physical access to trigger a denial-of-service reboot via the USB port. This affects ...
Dec 9, 2025

A vulnerability in SIMATIC CN 4100 industrial communication devices allows attackers to exploit inconsistent SNMP behavior to access sensitive data, p...
Dec 9, 2025

SIMATIC CN 4100 devices expose server information in responses, allowing attackers with network access to gather reconnaissance data. This information...
Dec 9, 2025

SINEMA Remote Connect Server versions before V3.2 SP4 store SSL/TLS private keys with insufficient protection, allowing any authenticated user with se...
Dec 9, 2025

This vulnerability in SINEMA Remote Connect Server allows attackers with database access to directly modify the system_ticketinfo table and bypass lic...
Dec 9, 2025

This vulnerability in SINEC Security Monitor allows authenticated local attackers with low privileges to bypass authorization checks in the file_trans...
Dec 9, 2025

A vulnerability in SINEC Security Monitor allows authenticated low-privileged attackers to cause denial of service in the report generation functional...
Dec 9, 2025

Gridscale X Prepay versions before V4.2.1 have a user enumeration vulnerability where attackers can distinguish between valid and invalid users based ...
Dec 9, 2025

Gridscale X Prepay versions before V4.2.1 are vulnerable to authentication token capture-replay attacks. This allows authenticated users who should be...
Dec 9, 2025

A vulnerability in Siemens RUGGEDCOM ROX devices allows attackers to execute arbitrary code as root via the SCEP client's lack of field validation dur...
Dec 9, 2025

A code injection vulnerability in Siemens RUGGEDCOM ROX devices allows attackers to execute arbitrary code as root when Virtual Routing and Forwarding...
Dec 9, 2025

A code injection vulnerability in IPsec implementation allows attackers to execute arbitrary code with root privileges on affected Siemens RUGGEDCOM R...
Dec 9, 2025

A code injection vulnerability in the DHCP Server configuration file of Siemens RUGGEDCOM ROX devices allows attackers to execute arbitrary code. This...
Dec 9, 2025

This vulnerability in Siemens RUGGEDCOM ROX devices allows attackers to inject additional configuration parameters during Dynamic DNS setup. Under cer...
Dec 9, 2025

This vulnerability in Siemens RUGGEDCOM ROX devices allows attackers to gain root access by exploiting insufficient validation during configuration fi...
Dec 9, 2025

An out-of-bounds write vulnerability in Solid Edge SE2024 and SE2025 allows attackers to crash the application or execute arbitrary code by tricking u...
Oct 14, 2025

An out-of-bounds read vulnerability in Solid Edge SE2024 and SE2025 allows attackers to crash the application or execute arbitrary code by tricking us...
Oct 14, 2025

An information disclosure vulnerability in TeleControl Server Basic V3.1 allows unauthenticated remote attackers to obtain password hashes and use the...
Oct 14, 2025

A stored Cross-Site Scripting vulnerability in SiPass integrated allows attackers to inject malicious scripts that execute when other users visit affe...
Oct 14, 2025

This vulnerability in SiPass integrated allows administrators to decrypt and recover user passwords stored in the database. All SiPass integrated vers...
Oct 14, 2025

This SQL injection vulnerability in SINEC NMS allows authenticated low-privileged attackers to insert malicious data and escalate privileges. It affec...
Oct 14, 2025

A stack-based buffer overflow vulnerability in Siemens SIMATIC PCS neo's User Management Component allows unauthenticated remote attackers to execute ...
Sep 9, 2025

An out-of-bounds read vulnerability in the User Management Component (UMC) of SIMATIC PCS neo industrial control systems allows unauthenticated remote...
Sep 9, 2025

An out-of-bounds write vulnerability in Simcenter Femap allows remote code execution when parsing malicious STP files. Attackers can execute arbitrary...
Aug 12, 2025

SINEC Traffic Analyzer versions before V3.0 run Docker containers without proper resource limits, allowing attackers to exhaust system resources and c...
Aug 12, 2025

SINEC Traffic Analyzer runs Docker containers without proper isolation controls, allowing attackers to escape container boundaries and access host sys...
Aug 12, 2025

This vulnerability in SIMATIC RTLS Locating Manager allows authenticated remote attackers with high application privileges to execute arbitrary code w...
Aug 12, 2025

This vulnerability affects Siemens SmartClient modules by supporting insecure TLS 1.0 and 1.1 protocols, allowing man-in-the-middle attacks that could...
Aug 12, 2025

This vulnerability in Siemens SmartClient modules allows authenticated attackers to access sensitive information due to inadequate encryption. Affecte...
Aug 12, 2025

This CVE describes an authorization bypass vulnerability in Siemens SmartClient modules where the server fails to enforce proper access controls on ce...
Aug 12, 2025

A path traversal vulnerability in SINEC NMS allows attackers to write arbitrary files to restricted locations by uploading malicious ZIP archives. Thi...
Jul 8, 2025

This vulnerability in Solid Edge SE2025 allows attackers to execute arbitrary code by exploiting an out-of-bounds read when parsing malicious PAR file...
Jul 8, 2025

This vulnerability in Siemens SIMATIC CN 4100 allows attackers to store arbitrary files in the device's SFTP folder, potentially causing denial of ser...
Jul 8, 2025

An unauthenticated SQL injection vulnerability in Siemens SINEC NMS allows remote attackers to execute arbitrary SQL queries on the server database. T...
Jul 8, 2025

This critical vulnerability in SINEC NMS allows unauthenticated attackers to reset the superadmin password through an exposed endpoint, granting them ...
Jul 8, 2025

This vulnerability in TIA Administrator allows attackers to bypass code signing certificate validation during installations, potentially enabling arbi...
Jul 8, 2025

A privilege escalation vulnerability in TIA Administrator allows low-privileged users to trigger installations by manipulating cache files and downloa...
Jul 8, 2025

Why Monitor Siemens Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 539+ known vulnerabilities affecting Siemens products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Siemens packages in under 60 seconds. No agents required - completely agentless scanning that works across Siemens deployments.
Free vulnerability database: Access detailed information about every Siemens CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Siemens CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions