Publication Date:
Last Update:
Current Version: V1.0
CVSS v3.1 Base Score: 8.8
CVSS v4.0 Base Score: 7.7
Un-/Collapse All
Affected Product and Versions Remediation
Expand children
Currently no fix is available
Expand children
Update to V5.10.0 or later version
Known Not Affected Products Reason

All versions
not affected by CVE-2025-41224
The affected functionality is implemented in a different way and not vulnerable. (Vulnerable Code Not Present)

All versions
not affected by CVE-2023-52236
The affected features are not supported. (Vulnerable Code Not in Execute Path)

All versions
not affected by CVE-2025-41222
The affected features are not supported. (Vulnerable Code Not in Execute Path)

All versions
not affected by CVE-2025-41223
The affected features are not supported. (Vulnerable Code Not in Execute Path)

All versions
not affected by CVE-2023-52236
The affected features are not supported. (Vulnerable Code Not in Execute Path)

All versions
not affected by CVE-2025-41222
The affected features are not supported. (Vulnerable Code Not in Execute Path)

All versions
not affected by CVE-2025-41223
The affected features are not supported. (Vulnerable Code Not in Execute Path)
  • CVE-2023-52236, CVE-2025-41222:
    • Deactivate the SSH server if not required, and if deactivation is supported by the product
    • Deactivate the webserver if not required, and if deactivation is supported by the product
  • CVE-2023-52236: Restrict access to port 80/tcp, 443/tcp and 22/tcp to trusted IP addresses only
  • CVE-2025-41222: Restrict access to port 80/tcp, 443/tcp and 22/TCP, to trusted IP addresses only
  • CVE-2025-41223: Configure the web client to use GCM ciphers; for list of ROS supported cipher suites refer to configuration manual

Please follow the General Security Recommendations.

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Un-/Collapse All

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

CVSS v3.1 Base Score 7.0
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
CVSS v4.0 Base Score 6.1
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
CWE CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVSS v4.0 Base Score 6.9
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
CWE CWE-755: Improper Handling of Exceptional Conditions
CVSS v3.1 Base Score 4.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSS v4.0 Base Score 6.3
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
CWE CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 7.7
CVSS v4.0 Vector CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-693: Protection Mechanism Failure

https://www.siemens.com/cert/advisories
V1.0 (2025-07-08): Publication Date