-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ##################################################### ## N C S C ~ B E V E I L I G I N G S A D V I E S ## ##################################################### Titel : Kwetsbaarheden verholpen in Siemens-producten Advisory ID : NCSC-2026-0147 Versie : 1.00 Kans : medium CVE ID : CVE-2019-13103, CVE-2019-13104, CVE-2019-13106, CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203, CVE-2019-14204, CVE-2020-10648, CVE-2022-2347, CVE-2022-30552, CVE-2022-30790, CVE-2022-34835, CVE-2023-3019, CVE-2023-27043, CVE-2024-3447, CVE-2024-4367, CVE-2024-22365, CVE-2024-47704, CVE-2024-54017, CVE-2024-57256, CVE-2024-57258, CVE-2024-57924, CVE-2024-58240, CVE-2025-0395, CVE-2025-3576, CVE-2025-6020, CVE-2025-6021, CVE-2025-6052, CVE-2025-7425, CVE-2025-8916, CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-9714, CVE-2025-9820, CVE-2025-12659, CVE-2025-14831, CVE-2025-22871, CVE-2025-23143, CVE-2025-23160, CVE-2025-31257, CVE-2025-37931, CVE-2025-37968, CVE-2025-38322, CVE-2025-38347, CVE-2025-38491, CVE-2025-38502, CVE-2025-38552, CVE-2025-38614, CVE-2025-38670, CVE-2025-38676, CVE-2025-38677, CVE-2025-38679, CVE-2025-38680, CVE-2025-38681, CVE-2025-38683, CVE-2025-38684, CVE-2025-38685, CVE-2025-38687, CVE-2025-38691, CVE-2025-38693, CVE-2025-38694, CVE-2025-38695, CVE-2025-38696, CVE-2025-38697, CVE-2025-38698, CVE-2025-38699, CVE-2025-38700, CVE-2025-38701, CVE-2025-38702, CVE-2025-38706, CVE-2025-38707, CVE-2025-38708, CVE-2025-38711, CVE-2025-38712, CVE-2025-38713, CVE-2025-38714, CVE-2025-38715, CVE-2025-38721, CVE-2025-38723, CVE-2025-38724, CVE-2025-38725, CVE-2025-38727, CVE-2025-38728, CVE-2025-38729, CVE-2025-38732, CVE-2025-38735, CVE-2025-38736, CVE-2025-39673, CVE-2025-39675, CVE-2025-39676, CVE-2025-39681, CVE-2025-39682, CVE-2025-39683, CVE-2025-39684, CVE-2025-39685, CVE-2025-39686, CVE-2025-39687, CVE-2025-39689, CVE-2025-39691, CVE-2025-39692, CVE-2025-39693, CVE-2025-39694, CVE-2025-39697, CVE-2025-39701, CVE-2025-39702, CVE-2025-39703, CVE-2025-39706, CVE-2025-39709, CVE-2025-39710, CVE-2025-39713, CVE-2025-39714, CVE-2025-39715, CVE-2025-39716, CVE-2025-39718, CVE-2025-39719, CVE-2025-39724, CVE-2025-39736, CVE-2025-39737, CVE-2025-39738, CVE-2025-39742, CVE-2025-39743, CVE-2025-39749, CVE-2025-39752, CVE-2025-39756, CVE-2025-39757, CVE-2025-39759, CVE-2025-39760, CVE-2025-39766, CVE-2025-39770, CVE-2025-39772, CVE-2025-39773, CVE-2025-39776, CVE-2025-39782, CVE-2025-39783, CVE-2025-39787, CVE-2025-39788, CVE-2025-39790, CVE-2025-39794, CVE-2025-39795, CVE-2025-39798, CVE-2025-39800, CVE-2025-39801, CVE-2025-39806, CVE-2025-39808, CVE-2025-39812, CVE-2025-39813, CVE-2025-39817, CVE-2025-39819, CVE-2025-39823, CVE-2025-39824, CVE-2025-39825, CVE-2025-39826, CVE-2025-39827, CVE-2025-39828, CVE-2025-39835, CVE-2025-39838, CVE-2025-39839, CVE-2025-39841, CVE-2025-39842, CVE-2025-39843, CVE-2025-39844, CVE-2025-39845, CVE-2025-39846, CVE-2025-39847, CVE-2025-39848, CVE-2025-39849, CVE-2025-39853, CVE-2025-39857, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-39866, CVE-2025-40300, CVE-2025-40833, CVE-2025-40946, CVE-2025-40947, CVE-2025-40948, CVE-2025-40949, CVE-2025-43368, CVE-2025-46836, CVE-2025-47219, CVE-2025-48989, CVE-2025-49794, CVE-2025-49796, CVE-2025-53057, CVE-2025-53066, CVE-2025-55752, CVE-2025-55754, CVE-2025-61748, CVE-2025-61795, CVE-2026-2673, CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945, CVE-2026-21947, CVE-2026-22924, CVE-2026-22925, CVE-2026-25786, CVE-2026-25787, CVE-2026-25789, CVE-2026-27446, CVE-2026-27662, CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-31789, CVE-2026-31790, CVE-2026-33862, CVE-2026-33893, CVE-2026-40175, CVE-2026-41125, CVE-2026-41551, CVE-2026-44411, CVE-2026-44412 (Details over de kwetsbaarheden kunt u vinden op de Mitre website: https://cve.mitre.org/cve/) Schade : high Improper Input Validation Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Relative Path Traversal Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Improper Neutralization of CRLF Sequences ('CRLF Injection') Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') Improper Restriction of Operations within the Bounds of a Memory Buffer Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Stack-based Buffer Overflow Heap-based Buffer Overflow Out-of-bounds Read Improper Validation of Array Index Incorrect Calculation of Buffer Size Improper Neutralization of Escape, Meta, or Control Sequences Integer Overflow or Wraparound Integer Underflow (Wrap or Wraparound) Exposure of Sensitive Information to an Unauthorized Actor Observable Discrepancy Observable Timing Discrepancy Improper Check for Dropped Privileges Insecure Inherited Permissions Improper Access Control Uncontrolled Recursion Out-of-bounds Write Use After Free Improper Validation of Syntactic Correctness of Input Improper Check for Unusual or Exceptional Conditions NULL Pointer Dereference Small Space of Random Values Reachable Assertion Use of Weak Hash Allocation of Resources Without Limits or Throttling Covert Timing Channel Unchecked Input for Loop Condition Inefficient Algorithmic Complexity Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Dependency on Vulnerable Third-Party Component Missing Release of Memory after Effective Lifetime Improper Locking Buffer Access with Incorrect Length Value Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Race Condition within a Thread Missing Synchronization Use of Uninitialized Resource Double Free Missing Release of Resource after Effective Lifetime Time-of-check Time-of-use (TOCTOU) Race Condition Loop with Unreachable Exit Condition ('Infinite Loop') Improper Update of Reference Count Unexpected Status Code or Return Value Divide By Zero Improper Validation of Specified Index, Position, or Offset in Input Comparison Using Wrong Factors Deadlock Signal Handler Race Condition Improper Following of Specification by Caller Transmission of Private Resources into a New Sphere ('Resource Leak') Use of Hard-coded Cryptographic Key Improper Resource Shutdown or Release Expired Pointer Dereference Inappropriate Encoding for Output Context Object Model Violation: Just One of Equals and Hashcode Defined Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') Missing Cryptographic Step Key Exchange without Entity Authentication Improper Validation of Specified Type of Input Improper Certificate Validation Missing Authentication for Critical Function Initialization of a Resource with an Insecure Default Access of Uninitialized Pointer Use of Hard-coded Credentials Server-Side Request Forgery (SSRF) Improperly Controlled Modification of Dynamically- Determined Object Attributes Uitgiftedatum : 20260513 Toepassing : Siemens AG SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8 Siemens IE/PB-Link Firmware (OS) Siemens IE/PB-link Firmware Siemens Opcenter RDnL Siemens RUGGEDCOM ROX II Siemens RUGGEDCOM ROX II Family Siemens RUGGEDCOM ROX II family Siemens SCALANCE M-800 Siemens SCALANCE M-800 family Siemens SCALANCE SC-600 Siemens SCALANCE SC-600 Family Siemens SCALANCE SC-600 family Siemens SCALANCE W-700 IEEE 802.11n family Siemens SCALANCE X-200 series firmware Siemens SCALANCE X-300 Series Firmware Siemens SCALANCE XM-400 Siemens SCALANCE XM-400 Family Siemens SCALANCE XM-400 family Siemens SCALANCE XR-500 Family Siemens SCALANCE XR-500 family Siemens SIMATIC CFU DIQ Siemens SIMATIC CFU PA Siemens SIMATIC ET 200 SP Firmware Siemens SIMATIC HMI Unified Comfort Panels Siemens SIMATIC HMI Unified Comfort Panels Firmware Siemens SIMATIC HMI Unified Comfort Panels family Siemens SIMATIC S7 Siemens SIMATIC S7-1500 Siemens SIMATIC S7-300 Siemens SIMATIC S7-410 Siemens SIMIT Siemens SINAMICS G115D Siemens SINAMICS G130 Siemens SINAMICS S110 Siemens SINAMICS S150 Siemens SIPROTEC 5 Siemens Scalance W-700 Ieee 80211N Family Siemens Scalance X-200 Firmware Siemens Scalance X-300 Siemens Sentron PAC Siemens Simatic S7-400 Firmware Siemens Simcenter Femap Siemens Sinamics G120 Siemens Sinamics S120 Siemens Solid Edge SE2026 Siemens Teamcenter Versie(s) : Platform(s) : Beschrijving Siemens heeft kwetsbaarheden verholpen in verschillende (OT-)producten. Het gaat onder andere om producten in de Siemens RUGGEDCOM-, SCALANCE-, SIMATIC-, SIMIT-, SINAMICS-, SIPROTEC-, SENTRON- en Solid Edge-productreeksen. De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade: - Denial-of-Service (DoS) - Manipulatie van gegevens - (Remote) code execution - Toegang tot gevoelige gegevens - Verhogen van rechten Voor succesvol misbruik van de genoemde kwetsbaarheden moet de kwaadwillende (netwerk)toegang hebben tot het kwetsbare product. Het is goed gebruik een dergelijke producten niet publiek toegankelijk te hebben. Mogelijke oplossingen Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie. Referenties: Reference https://cert-portal.siemens.com/productcert/html/ssa-032379.html Reference https://cert-portal.siemens.com/productcert/html/ssa-078743.html Reference https://cert-portal.siemens.com/productcert/html/ssa-081142.html Reference https://cert-portal.siemens.com/productcert/html/ssa-085541.html Reference https://cert-portal.siemens.com/productcert/html/ssa-357982.html Reference https://cert-portal.siemens.com/productcert/html/ssa-387223.html Reference https://cert-portal.siemens.com/productcert/html/ssa-392349.html Reference https://cert-portal.siemens.com/productcert/html/ssa-545643.html Reference https://cert-portal.siemens.com/productcert/html/ssa-577017.html Reference https://cert-portal.siemens.com/productcert/html/ssa-688146.html Reference https://cert-portal.siemens.com/productcert/html/ssa-783943.html Reference https://cert-portal.siemens.com/productcert/html/ssa-786884.html Reference https://cert-portal.siemens.com/productcert/html/ssa-827383.html Reference https://cert-portal.siemens.com/productcert/html/ssa-870926.html Reference https://cert-portal.siemens.com/productcert/html/ssa-876049.html Reference https://cert-portal.siemens.com/productcert/html/ssa-921111.html Reference https://cert-portal.siemens.com/productcert/html/ssa-973901.html Vrijwaringsverklaring Door gebruik van deze security advisory gaat u akkoord met de navolgende voorwaarden. Ondanks dat het NCSC de grootst mogelijke zorg heeft betracht bij de samenstelling van dit beveiligingsadvies, kan het NCSC niet instaan voor de volledigheid, juistheid of (voortdurende) actualiteit van dit beveiligingsadvies. De informatie in dit beveiligingsadvies is uitsluitend bedoeld als algemene informatie voor professionele partijen. Aan de informatie in dit beveiligingsadvies kunnen geen rechten worden ontleend. Het NCSC en de Staat zijn niet aansprakelijk voor enige schade ten gevolge van het gebruik of de onmogelijkheid van het gebruik van dit beveiligingsadvies, waaronder begrepen schade ten gevolge van de onjuistheid of onvolledigheid van de informatie in dit beveiligingsadvies. Op dit beveiligingsadvies is Nederlands recht van toepassing. Alle geschillen in verband met en/of voortvloeiend uit dit beveiligingsadvies zullen worden voorgelegd aan de exclusief bevoegde rechter te Den Haag. Deze rechtskeuze geldt tevens voor de voorzieningenrechter in kort geding. -----BEGIN PGP SIGNATURE----- iQGzBAEBCgAdFiEEGSwziqblmmRNtImqgupWoL0ZhGEFAmoEHV0ACgkQgupWoL0Z hGGdwQwA1GjUCdEAxao6op7jYyboaO39fVqnyDPfsFTGA1/T/PZggZ2kZzBHZS5I DOZfN2gNGDgM3uqFK8PloiBV4RicGU1nlrhX92oSfPpSHiDv+X92EUzfStunzUtg 9jmcwiWBkb6XGSeYbHS3/hba2OuPEhUsJDHqheRr1igxBCguwm77fL4P1u3VG7c/ unrD/BrvNqK1FGjoc/Bl5O2nH6R4z3b4ZdD4ixuK83wQS7WUP78UGs99O5eYQq20 wnrWCxU324ECBxilXmnbOkEgUk+vWT/yeeiT9fH8emna+k/2IaT/L5GwRIwepfqO /yR2p59H8L35SKYrIpLGG7rEvqrQKs/RDl4AUdOsyw19Obt0VDzqxcP7l0QctYGw 76b06Aqh8nt8lNv4vTkElYmkkNwrJ3IMDd78wLWBu8IBLnpnf4dAIGiMdozU3MOy bxOKmQ+mUNxVYdWrWuwXI2f6jXIR4v4qb1rMthENlLordMxdUcv1m4KvAxaK0BjU OnBm7BfY =YNZ1 -----END PGP SIGNATURE-----