VDB
ICSA-25-317-12
PUBLISHED
CVSS 7.8 HIGH
Successful exploitation of these vulnerabilities could allow an attacker to remotely execute code as application administrator or locally execute code as operating system administrator.
Risk Scores
CVSS v3.1
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Spectrum Power 4 | <V4.70_SP12_Update_2 |
Timeline
- Nov 13, 2025 CVE Published
References
- https://www.siemens.com/industrialsecurity fix
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-317-12.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-12 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf url
- https://www.cisa.gov/uscert/ncas/tips/ST04-014 url
- https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01 url
- https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b url
- https://www.cisa.gov/secure-our-world/teach-employees-avoid-phishing url
- https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks url
- https://www.siemens.com/cert/operational-guidelines-industrial-security fix
- https://cert-portal.siemens.com/productcert/html/ssa-339694.html fix
- https://cert-portal.siemens.com/productcert/csaf/ssa-339694.json fix