These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 (All versions), SIMATIC WinCC Unified PC Runtime V17 (All versions), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions), SIMATIC WinCC Unified PC Runtime V20 (All versions), SIMATIC WinCC Unified PC Runtime V21 (All versions < V21 Update 2). Insufficient protection of key mater [truncated]
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application uses a password hashing implementation with a static, hardcoded salt shared across all users and installations, and is configured with an insufficient number of iterations. This could allow an attacker to efficiently recover user passwords using brute-force or precomputed attacks, potentially resu [truncated]
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected system includes a binary that is configured with the cap_dac_override capability. This capability allows the process to bypass file system permission checks, resulting in unrestricted file system access. This could allow a local attacker to escalate privileges leading to arbitrary file modification and gainin [truncated]
A path traversal vulnerability was identified in Siemens SINEC INS versions prior to V1.0 SP2 Update 6. The issue arises from improper sanitization of path input in the `GET /api/sftp/uploadFiles` endpoint used for directory listing. This allows an attacker to access unintended file system locations through crafted input.
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The application does not properly sanitize user input in the /api/sftp/uploadFiles endpoint, allowing the injection of shell command payloads via crafted directory names. These payloads are stored and executed when directory listings are retrieved. This could allow an authenticated remote attacker to execute arbitrary com [truncated]
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MU85 (CP300) (All versions), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions), [truncated]
A NULL pointer dereference vulnerability exists in OpenSSL's PKCS12_item_decrypt_d2i_ex() function when processing malformed PKCS#12 files. The function fails to validate whether the oct parameter is NULL before dereferencing it. When PKCS12_unpack_p7encdata() passes a malformed PKCS#12 file, this parameter can be NULL, resulting in a crash. The vulnerability is confined to Denial of Service and cannot be [truncated]
CVE-2026-44412 is a high-severity memory corruption issue in Siemens Solid Edge affecting versions earlier than V226.0 Update 5. A specially crafted PAR file can trigger a stack-based overflow and may lead to code execution in the context of the current process.
CVE-2026-44411 is a high-severity Siemens Solid Edge issue where parsing specially crafted PAR files can trigger uninitialized pointer access. CISA’s advisory describes the impact as potential code execution in the context of the current process. Siemens’ remediation is to update to V226.0 Update 5 or later.
CVE-2026-41551 is a critical path traversal issue in Siemens ROS# versions before 2.2.2. CISA’s advisory says unsanitized user input can let a remote attacker access arbitrary files on the device. The advisory was first published on 2026-05-12 and republished on 2026-05-14 to incorporate Siemens ProductCERT’s SSA-357982 notice.
CVE-2026-40175 is a high-severity advisory in the supplied corpus, but the record contains a notable metadata mismatch: the product fields reference Siemens gWAP versions below 3.1.1, while the vulnerability description discusses Axios and a prototype-pollution gadget chain. Based on the source material, the key defensive takeaway is to treat this as a privileged-access, high-impact issue with potential e [truncated]
CVE-2026-33893 is a high-severity Siemens Teamcenter issue in which a hardcoded obfuscation key is stored directly in the application. If an attacker extracts that key, it could be reused to gain unauthorized access. The advisory was published on 2026-05-12 and republished by CISA on 2026-05-14, with vendor fixes listed for affected Teamcenter branches.
CVE-2026-33862 is a high-severity cross-site scripting issue in Siemens Teamcenter. The advisory says the affected application does not properly encode or filter user-supplied data, which can let an attacker inject malicious code that executes when other users visit the affected page. CISA published the advisory on 2026-05-12 and republished Siemens ProductCERT guidance on 2026-05-14.
CVE-2026-31790 is a high-severity information-disclosure issue described in the CISA-republished Siemens advisory. The flaw can cause an application using RSASVE key encapsulation to return success even when RSA encryption fails, leaving the caller to use an output buffer that may contain stale or uninitialized data. If that buffer is sent to a peer, sensitive data from prior process execution may be exposed.
CVE-2026-31789 is a heap buffer overflow in OpenSSL’s handling of very large X.509 OCTET STRING values when converting them to hexadecimal strings. The issue was published on 2026-04-07. It is triggered only on 32-bit platforms when buffer sizing multiplies the input length by 3 and overflows, resulting in allocation of a buffer that is too small. The vendor notes that exploitation would require crafted c [truncated]
CVE-2026-28390 is a denial-of-service vulnerability in CMS message processing: a crafted CMS EnvelopedData message using KeyTransportRecipientInfo and RSA-OAEP can trigger a NULL pointer dereference when the optional parameters field is missing. The advisory says applications that call CMS_decrypt() on attacker-controlled input may crash before authentication or cryptographic operations complete. CISA’s r [truncated]
CVE-2026-28389 is a high-severity denial-of-service vulnerability involving CMS EnvelopedData processing with KeyAgreeRecipientInfo. A crafted message can trigger a NULL pointer dereference when the optional parameters field of KeyEncryptionAlgorithmIdentifier is missing, which can crash affected software before authentication or cryptographic operations complete. The source advisory ties remediation to S [truncated]
CVE-2026-28388 is a denial-of-service flaw in Siemens SIMATIC CN 4100 versions before 5.0. If X.509 verification is configured to use delta CRLs, a malformed delta CRL missing the required CRL Number extension can trigger a NULL pointer dereference and crash the application.
CVE-2026-27662 is a high-severity access-control weakness affecting multiple Siemens SIMATIC HMI panel models. When the required security mechanisms are not in place, an attacker may gain unauthorized access to the web browser through the Control Panel, which can expose backdoors, enable unauthorized actions, or reveal misconfigurations that increase the risk of further compromise.
CVE-2026-27446 is a missing-authentication issue in Apache Artemis / Apache ActiveMQ Artemis that can let an unauthenticated remote attacker use the Core protocol to make a target broker open an outbound federation connection to an attacker-controlled rogue broker. In vulnerable deployments, that can lead to message injection into queues and/or message exfiltration through the rogue broker. The advisory s [truncated]
CVE-2026-2673 is a high-severity OpenSSL TLS 1.3 server issue in which use of the DEFAULT keyword can flatten the intended group tuple structure and lead the server to negotiate a less preferred key exchange group than expected. In some cases, the server may also fail to send a Hello Retry Request when a more preferred mutually supported group exists but was not among the client’s initial predicted keysha [truncated]
CVE-2026-25789 is a Siemens SIMATIC PLC web-server issue in the Firmware Update page. Because filenames are not properly validated and sanitized, a remote attacker may socially engineer an authenticated user into selecting a modified firmware file name, leading to malicious JavaScript execution in that user’s session without the file actually being uploaded. The stated impact includes session hijacking or [truncated]
CVE-2026-25787 is an authenticated cross-site scripting issue in the Siemens SIMATIC web interface. A Technology Object (TO) name shown on the Motion Control Diagnostics page is not properly validated or sanitized, so a user who can download a TIA project into the product may inject malicious scripts. If another user with suitable rights opens that page, the script runs in that user's web session.
CVE-2026-25786 is a critical web-interface scripting issue affecting multiple Siemens SIMATIC and S7-1500 family devices. The advisory says PLC/station names rendered on the "communication" parameters page are not properly validated or sanitized, allowing an authenticated attacker who can download a TIA project to inject malicious scripts. If another user with appropriate rights opens that page, the scrip [truncated]
CVE-2026-22925 describes a network-based denial-of-service condition in Siemens SIMATIC CN 4100 versions before 5.0. According to the CISA-republished Siemens advisory, high volumes of TCP SYN packets can exhaust system resources and render the service unavailable. The safest response is to update to V5.0 or later and apply layered OT network protections while the fix is deployed.
CVE-2026-22924 is a critical Siemens SIMATIC CN 4100 issue where the affected application does not properly restrict unauthenticated connections and can be driven into resource exhaustion. Per the advisory, this can disrupt normal operations and may also enable unauthorized actions, with potential impact to both availability and integrity.
CVE-2026-21947 is described in the supplied advisory corpus as an Oracle Java SE JavaFX issue affecting Oracle Java SE 8u471-b50. The advisory says an unauthenticated network attacker could potentially cause limited data integrity impact, but exploitation is difficult and requires human interaction. The affected scope is narrow: sandboxed client deployments that load untrusted code, not server deployments [truncated]
CVE-2026-21945 is a network-reachable denial-of-service vulnerability affecting Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. The advisory says an unauthenticated attacker can trigger a hang or repeatable crash, resulting in availability loss. Oracle’s note also narrows the practical exposure: it is aimed at Java client deployments that load and execute untrusted code unde [truncated]
This advisory describes a network-reachable Oracle Java SE / GraalVM networking issue that can be triggered through multiple protocols and requires human interaction. The source text says successful exploitation may allow unauthorized read and write access to some accessible data and can also change scope beyond the vulnerable component. The supplied corpus also contains conflicting product metadata that [truncated]
CVE-2026-21932 is a high-severity vulnerability affecting specific Oracle Java SE and GraalVM releases in the AWT/JavaFX area. The source says exploitation is network-reachable and unauthenticated, but it still requires user interaction, and the main risk is to client-side Java deployments that load untrusted content and rely on the Java sandbox.
CVE-2026-21925 is a network-reachable Oracle Java SE / GraalVM RMI vulnerability that CISA republished from Siemens ProductCERT material. The advisory says an unauthenticated attacker with network access can, under difficult exploitation conditions, gain unauthorized read access to some accessible data and limited update/insert/delete access to some accessible data in affected Java runtimes.
CVE-2025-9714 is a medium-severity local denial-of-service vulnerability in libxml2 XPath evaluation. According to the Siemens ProductCERT advisory republished by CISA on 2026-05-12 and updated on 2026-05-14, recursive XPath processing functions could reset recursion depth to zero before making recursive calls, allowing uncontrolled recursion and a stack overflow when crafted expressions are processed. Si [truncated]
CVE-2025-8916 is an availability issue in Bouncy Castle Java and BCPKIX FIPS certificate-path review code. The supplied advisory describes allocation without limits or throttling that can lead to excessive allocation in PKIXCertPathReviewer-related classes. The stated impact is low-severity availability loss, with a CVSS v3.1 vector of AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L and a base score of 5.3. The advis [truncated]
CVE-2025-61795 is a denial-of-service issue in Apache Tomcat’s multipart upload handling. When an error occurs during upload processing, temporary copies of uploaded parts may not be cleaned up immediately, allowing disk space to be consumed faster than garbage collection can reclaim it. Fixed releases are Apache Tomcat 11.0.12+, 10.1.47+, and 9.0.110+; older EOL 8.5.x versions are also reported affected.
CVE-2025-61748 is described in the supplied advisory text as a low-severity flaw in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition libraries. The issue is network-reachable, unauthenticated, and difficult to exploit, but a successful attack could allow unauthorized modification of accessible data. The advisory also notes potential exposure through Java APIs and sandboxed Jav [truncated]
CVE-2025-6052 is a low-severity memory-handling flaw described in CISA’s ICSA-26-134-10 advisory and republished from Siemens ProductCERT SSA-032379. The issue is a size-calculation overflow in GLib’s GString logic when appending data to already large strings, which can lead to an undersized allocation and out-of-bounds writes. The supplied advisory maps the issue to Siemens SIMATIC CN 4100 versions earli [truncated]
CVE-2025-55754 is a critical Apache Tomcat issue where unescaped ANSI escape sequences in log messages could be injected through a specially crafted URL. In the documented scenario, this could let an attacker manipulate a Windows console and clipboard and potentially trick an administrator into running an attacker-controlled command. The source advisory also notes no attack vector was found, but it may ha [truncated]
CVE-2025-55752 is a high-severity Apache Tomcat relative path traversal issue caused by a regression in URL rewrite handling: the rewritten URL was normalized before it was decoded. Under specific rewrite-rule configurations, an attacker could manipulate the request URI to bypass security constraints such as /WEB-INF/ and /META-INF/. If PUT is also enabled, the issue can escalate to malicious file upload [truncated]
CVE-2025-53066 is a network-exploitable Oracle Java SE / GraalVM JAXP vulnerability with a CVSS v3.1 base score of 7.5. The advisory says an unauthenticated attacker can reach the issue over multiple protocols and may gain unauthorized access to critical data or all data accessible to the affected Java runtime, including sandboxed Java Web Start or applet deployments that process untrusted code.
CVE-2025-53057 is described in the supplied CISA CSAF text as a network-accessible Java security vulnerability with integrity impact: an unauthenticated attacker can potentially create, delete, or modify critical data through affected Oracle Java SE and GraalVM environments. The advisory rates it CVSS 5.9 (medium) with high attack complexity and no user interaction. Important: the corpus also contains con [truncated]
CVE-2025-48989 is a high-severity Apache Tomcat availability issue caused by improper resource shutdown or release, described by the advisory as enabling the "made you reset" attack. The affected ranges are 11.0.0-M1 through 11.0.9, 10.1.0-M1 through 10.1.43, and 9.0.0.M1 through 9.0.107. The advisory recommends upgrading to 11.0.10, 10.1.44, or 9.0.108; older EOL versions may also be affected.
CVE-2025-47219 is a memory-safety issue described in the source corpus as a heap buffer read past the end while GStreamer’s isomp4 plugin parses an MP4 file. The advisory metadata also maps it to Siemens SIMATIC CN 4100 with low confidence, so product applicability should be confirmed before acting on the remediation.
CVE-2025-46836 describes a stack-based buffer overflow in the Linux net-tools interface display path. In the source advisory, interface labels from /proc/net/dev can be copied into a fixed 16-byte stack buffer without bounds checking, which can lead to a crash and, in some scenarios, possible code execution. The stated attack path does not require privilege, but the source also says it does not provide pr [truncated]
CVE-2025-43368 describes a use-after-free condition that was addressed with improved memory management. According to the advisory text in the supplied corpus, maliciously crafted web content may trigger an unexpected Safari crash, and the fix is included in Safari 26, iOS 26, iPadOS 26, and macOS Tahoe 26. The reported CVSS score is 4.3 (medium), reflecting a network-reachable issue that requires user int [truncated]
CVE-2025-40949 affects Siemens RUGGEDCOM ROX devices exposed through the Web UI Scheduler function. According to the CISA-published advisory, user-supplied input is not properly sanitized, which can let commands be injected into the task scheduling backend. The impact is severe: an authenticated remote attacker could execute arbitrary commands with root privileges on the underlying operating system. Sieme [truncated]
CVE-2025-40948 is a medium-severity issue in Siemens RUGGEDCOM ROX web server JSON-RPC handling. CISA’s advisory says affected devices fail to properly validate input, which could let an authenticated remote attacker read arbitrary files from the underlying operating system filesystem with root privileges. The supplied remediation is to update to V2.17.1 or later.
CVE-2025-40947 affects multiple Siemens RUGGEDCOM ROX devices when user-supplied input is not properly sanitized during feature key installation. According to the advisory, an authenticated remote attacker could inject arbitrary commands and achieve remote code execution with root privileges on the underlying operating system. Siemens and CISA list an update to V2.17.1 or later as the fix.
CVE-2025-40833 is a high-severity denial-of-service issue in affected Siemens industrial devices. The advisory says specially crafted IPv4 requests can trigger a null pointer dereference, and recovery requires a manual restart. The CVE was published on 2026-05-12 and modified on 2026-05-14. Because the issue is network reachable and requires no privileges or user interaction, operators should treat expose [truncated]
CVE-2025-40300 is described in the supplied advisory text as a Linux x86 VMSCAPE mitigation issue: after a VMexit, the kernel conditionally issues an IBPB before returning to userspace so that poisoned branch predictors from a guest do not affect the userspace hypervisor path. The source notes that existing mitigations already protect kernel/KVM from a malicious guest, but userspace can still be exposed. [truncated]
CVE-2025-39866 is a high-severity use-after-free in the Linux kernel writeback path, specifically in __mark_inode_dirty(). The supplied advisory material shows the bug can occur when the inode writeback context is switching and __mark_inode_dirty() races with wb_wakeup_delayed() after the old bdi_writeback has been released. CISA published the advisory on 2026-05-12 and republished it on 2026-05-14. The s [truncated]