Siemens

A remote, anonymous attacker can exploit a vulnerability in Siemens SIPROTEC 5 devices to disclose sensitive information.

A stack-based overflow vulnerability in Solid Edge SE2026 (versions prior to V226.0 Update 5) allows for arbitrary code execution via specially crafted PAR files.

Solid Edge SE2026 is vulnerable to uninitialized pointer access while parsing specially crafted PAR files, potentially leading to arbitrary code execution in the context of the current process (CVE-2026-44411).

Siemens Teamcenter versions V2312 (before V2312.0014), V2406 (before V2406.0012), V2412 (before V2412.0009), V2506 (before V2506.0005), and V2512 are vulnerable to cross-site scripting (XSS) due to improper encoding or filtering of user-supplied data, potentially leading to arbitrary code execution by other users.

CVE-2025-40947 describes a vulnerability in Siemens RUGGEDCOM ROX devices that allows authenticated remote attackers to inject arbitrary commands via a maliciously crafted feature key, resulting in remote code execution with root privileges.

Siemens SIMATIC CN 4100 versions before V5.0 are vulnerable to resource exhaustion due to improper restriction of unauthenticated connections, potentially leading to disruption of operations and unauthorized actions.

An authenticated remote command injection vulnerability exists in the web UI scheduler functionality of multiple RUGGEDCOM ROX devices before V2.17.1, allowing arbitrary command execution with root privileges.