ICSA-25-135-11
PUBLISHED
CVSS 6.5 MEDIUM
Polarion before V2410 contains multiple vulnerabilities that could allow attackers to extract data, conduct cross-site scripting attacks, or find out valid usernames. Siemens strongly recommends updating Polarion to V2410 or a later version, not only to fix the documented vulnerabilities but also to benefit from all the other improvements and fixes. For Polarion V2404, patch releases can be applied.
Risk Scores
CVSS v3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Polarion V2310 | |
| Siemens | Polarion V2404 | |
Timeline
- May 13, 2025 CVE Published
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-162255.json advisory
- https://cert-portal.siemens.com/productcert/html/ssa-162255.html advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-135-11.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-11 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url
- https://support.sw.siemens.com/product/230235217/ fix