Serial number: AV25-676
Date: October 16, 2025
On October 14, 2025, Siemens published advisories to address vulnerabilities in multiple products. Included were updates for the following products:
- TeleControl Server Basic V3.1 – versions V3.1.2.2 to versions prior to V3.1.2.3
- SINEC NMS – versions prior to V4.0 SP1
- Industrial Edge App Publisher – versions prior to V1.23.5
- SIMATIC ET 200SP communication processors – versions prior to V2.4.24
- Solid Edge SE2024 – versions prior to V224.0 Update 14
- Solid Edge SE2025 – versions prior to V225.0 Update 6
- SiPass integrated – versions prior to V3.0
The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.
- SSA-062309: Information Disclosure Vulnerability in TeleControl Server Basic V3.1
- SSA-318832: SQL Injection Vulnerability in SINEC NMS
- SSA-365200: Google Chrome Type Confusion Vulnerability in Siemens Products
- SSA-486936: Authentication Vulnerability in SIMATIC ET 200SP Communication Processors
- SSA-541582: Multiple File Parsing Vulnerabilities in Solid Edge
- Siemens Security Advisories