Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-38499)

In the Linux kernel, the following vulnerability has been resolved: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. Wouldn't be able to undo may be a resu...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-38430)

In the Linux kernel, the following vulnerability has been resolved: nfsd: nfsd4spomustallow must check this is a v4 compound request If the request being processed is not a v4 compound request, then examining the cstate can have undefined results. This patch adds a check that the rpc procedure...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-38071)

In the Linux kernel, the following vulnerability has been resolved: x86/mm: Check return value from memblockphysallocrange At least with CONFIGPHYSICALSTART=0x100000, if there is 4 MiB of contiguous free memory available at this point, the kernel will crash and burn because memblockphysallocrange...

Siemens SIMATIC S7-1500 Improper Locking (CVE-2025-38058)

In the Linux kernel, the following vulnerability has been resolved: legitimizemnt: check for MNTSYNCUMOUNT should be under mountlock ... or we risk stealing final mntput from sync umount - raising mntcount after umount2 has verified that victim is not busy, but before it has set MNTSYNCUMOUNT; in...

Siemens SIMATIC S7-1500 Concurrent Execution using Shared Resource with Improper Synchronization (CVE-2025-38083)

In the Linux kernel, the following vulnerability has been resolved: netsched: prio: fix a race in priotune Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU 1 1: lock root 2: qdisctreeflushbacklog 3: unlock root | ...

Siemens SIMATIC S7-1500 Double Free (CVE-2025-38079)

In the Linux kernel, the following vulnerability has been resolved: crypto: algifhash - fix double free in hashaccept If accept2 is called on socket type algifhash with MSGMORE flag set and cryptoahashimport fails, sk2 is freed. However, it is also freed in afalgrelease, leading to...

Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2025-38342)

In the Linux kernel, the following vulnerability has been resolved: software node: Correct a OOB check in softwarenodegetreferenceargs softwarenodegetreferenceargs wants to get @index-th element, so the property value requires at least 'index + 1 sizeofref' bytes but that can not be guaranteed by...

Siemens SIMATIC S7-1500 Divide By Zero (CVE-2025-38312)

In the Linux kernel, the following vulnerability has been resolved: fbdev: core: fbcvt: avoid division by 0 in fbcvthperiod In fbfindmodecvt, iff mode-refresh somehow happens to be 0x80000000, cvt.frefresh will become 0 when multiplying it by 2 due to overflow. It's then passed to fbcvthperiod,...

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in several products such as Heliox, Ruggedcom, SICAM, SIDIS and SIMATIC. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data -...

Siemens SIMATIC S7-1500 Device Stored Cross-Site Scripting Vulnerability

SIMATIC S7-1500 is an industrial controller from Siemens. A stored cross-site scripting vulnerability exists in the Siemens SIMATIC S7-1500, which can be exploited by an attacker to inject code by tricking a legitimate user into importing a specially crafted trace file in a web interface...

Siemens多款产品 跨站脚本漏洞

SIMATIC S7-1500 is an industrial controller from Siemens. A stored cross-site scripting vulnerability exists in the Siemens SIMATIC S7-1500, which can be exploited by an attacker to inject code by tricking a legitimate user into importing a specially crafted trace file in a web interface...

Siemens SIMATIC

SUMMARY SIMATIC S7-1500 devices contain a vulnerability that could allow an attacker to inject code by tricking a legitimate user into importing a specially crafted trace file in the web interface. Siemens has released new versions for several affected products and recommends to update to the...

Siemens SIMATIC S7-1500 Reachable Assertion (CVE-2025-38701)

In the Linux kernel, the following vulnerability has been resolved: ext4: do not BUG when INLINEDATAFL lacks system.data xattr A syzbot fuzzed image triggered a BUGON in ext4updateinlinedata when an inode had the INLINEDATAFL flag set but was missing the system.data extended attribute. Since this...

Siemens SIMATIC S7-1500 Missing Release of Resource after Effective Lifetime (CVE-2025-38721)

"In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: fix refcount leak on table dump There is a reference count leak in ctnetlinkdumptable: if res ctgeneral %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid505170;...

Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2025-39787)

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: mdtloader: Ensure we don't read past the ELF header When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessary the case for other clients. Validate the size of the...

Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2025-39683)

In the Linux kernel, the following vulnerability has been resolved: tracing: Limit access to parser-buffer when tracegetuser failed When the length of the string written to setftracefilter exceeds FTRACEBUFFMAX, the following KASAN alarm will be triggered: BUG: KASAN: slab-out-of-bounds in...

Siemens SIMATIC S7-1500 Improper Check for Dropped Privileges (CVE-2025-39798)

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix the setting of capabilities when automounting a new filesystem Capabilities cannot be inherited when we cross into a new filesystem. They need to be reset to the minimal defaults, and then probed for again. This plugin...

Siemens SIMATIC S7-1500 Uncontrolled Recursion (CVE-2025-39795)

In the Linux kernel, the following vulnerability has been resolved: block: avoid possible overflow for chunksectors check in blkstacklimits In blkstacklimits, we check that the t-chunksectors value is a multiple of the t-physicalblocksize value. However, by finding the chunksectors value in bytes...

Siemens SIMATIC S7-1500 NULL Pointer Dereference (CVE-2025-69421)

Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12itemdecryptd2iex function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS12 files. The PKCS12itemdecryptd2iex...

Siemens SIMATIC and SIPLUS products Uncontrolled Resource Consumption (CVE-2025-40944)

Affected devices do not properly handle S7 protocol session disconnect requests. When receiving a valid S7 protocol Disconnect Request COTP DR TPDU on TCP port 102, the devices enter an improper session state. This could allow an attacker to cause the device to become unresponsive, leading to a...