VDB
ICSA-25-289-06
ICSA-25-289-06
PUBLISHED
CVSS 8.800000190734863 HIGH
SiPass integrated contains multiple vulnerabilities that could allow an unauthenticated remote attacker to exploit user accounts, manipulate data, impersonate users, or achieve arbitrary code execution on the SiPass integrated server. Siemens has released a new version for SiPass integrated and recommends to update to the latest version.
Risk Scores
CVSS v3.1
8.800000190734863
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SiPass integrated V2.95 | ||
| SiPass integrated |
Timeline
- Oct 14, 2025 CVE Published
- Feb 12, 2026 CVE Updated
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-599451.json advisory
- https://cert-portal.siemens.com/productcert/html/ssa-599451.html advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-289-06.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-289-06 advisory
- https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b url
- https://support.industry.siemens.com/cs/ww/en/view/109827049/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109995331/ fix