NCSC-2025-0187
PUBLISHED
CVSS 7.8 HIGH
Siemens has fixed vulnerabilities in various products such as RUGGEDCOM, SCALANCE, SIMATIC and Tecnomatix
Risk Scores
CVSS 3.1
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| vers:unknown/<v1.3.0 | ||
| vers:siemens/3.0.0 | ||
| vers:siemens/7.4.3 | ||
| vers:unknown/<v1.1 | ||
| vers:all/* | ||
| vers:all/<v2404.0013 | ||
| vers:unknown/none | ||
| vers:all/>=v3.1.0 | ||
| vers:unknown/* | ||
| vers:unknown/1.0 | ||
| vers:all/<v3.1 | ||
| vers:siemens/3.1.0 | ||
Exploit Intelligence
- Fast, parallel SSH discovery and security auditing across hosts and CIDR ranges: identifies SSH on any port in real time, then flags auth methods, weak crypto, Terrapin (CVE-2023-48795), and reused host keys. (github-poc-repo)
- Fast, parallel SSH discovery and security auditing across hosts and CIDR ranges: identifies SSH on any port in real time, then flags auth methods, weak crypto, Terrapin (CVE-2023-48795), and reused host keys. (github-poc)
- Mr-Whiskerss/SSH-Terrapin-Prefix-Truncation-Weakness-CVE-2023-48795-Checker (github-poc-repo)
- Mr-Whiskerss/SSH-Terrapin-Prefix-Truncation-Weakness-CVE-2023-48795-Checker (github-poc)
- HTTP/2 attack simulation & defense lab - Slowloris, Rapid Reset (CVE-2023-44487), HPACK Bomb attacks with 5 layered defenses. Built in pure Python with raw sockets and h2 library. (github-poc-repo)
- HTTP/2 attack simulation & defense lab - Slowloris, Rapid Reset (CVE-2023-44487), HPACK Bomb attacks with 5 layered defenses. Built in pure Python with raw sockets and h2 library. (github-poc)
- CVE-2024-2961 Security Issue Mitigation Script (github-poc)
- Scanner for identifying servers with SSH software possibly vulnerable to CVE-2024-6387 and CVE-2023-48795. (github-poc)
- Scanner for identifying servers with SSH software possibly vulnerable to CVE-2024-6387 and CVE-2023-48795. (github-poc-repo)
- A WordPress demo lab for CVE-2024-2961 & CVE-2024-29510 (github-poc)
…and 369 more exploits
Timeline
- Jul 3, 2024 PoC Published
- Feb 13, 2025 PoC Published
- Jun 10, 2025 CVE Published
- Jan 20, 2026 PoC Published
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-082556.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-345750.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-486186.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-513708.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-633269.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-693776.pdf