ICSA-25-226-19 — Vulnetix

ICSA-25-226-19 PUBLISHED CVSS 8.300000190734863 HIGH

Siemens SINUMERIK Controllers are affected by an improper VNC password check vulnerability. Siemens has released new versions for the affected products and recommends to update to the latest versions.

Risk Scores

CVSS v3.1

8.300000190734863

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Affected Products

Vendor	Product	Versions
	SINUMERIK 828D PPU.5
	SINUMERIK MC
	SINUMERIK ONE
	SINUMERIK ONE V6.15
	SINUMERIK 840D sl
	SINUMERIK 828D PPU.4
	SINUMERIK MC V1.15

Timeline

Aug 12, 2025 CVE Published

References

https://cert-portal.siemens.com/productcert/csaf/ssa-177847.json advisory
https://cert-portal.siemens.com/productcert/html/ssa-177847.html advisory
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-226-19.json advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-19 advisory
https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
https://www.cisa.gov/topics/industrial-control-systems url
https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url

Open in Interactive Console →