ICSA-25-254-02 — Vulnetix

ICSA-25-254-02 PUBLISHED CVSS 9.100000381469727 CRITICAL

SIMATIC Virtualization as a Service (SIVaaS) is affected by a vulnerability which exposes a network share without any authentication. This could allow an attacker to access or alter sensitive data without proper authorization. Siemens recommends to contact technical support to fix the vulnerability.

Risk Scores

CVSS v3.1

9.100000381469727

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products

Vendor	Product	Versions
	SIMATIC Virtualization as a Service (SIVaaS)

Timeline

Sep 9, 2025 CVE Published

References

https://cert-portal.siemens.com/productcert/csaf/ssa-534283.json advisory
https://cert-portal.siemens.com/productcert/html/ssa-534283.html advisory
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-254-02.json advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-02 advisory
https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
https://www.cisa.gov/topics/industrial-control-systems url
https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url

Open in Interactive Console →