CISA Alerts: Siemens Releases Patches for Dozens of ICS Vulnerabilities Across SIPROTEC, SIMATIC, Ruggedcom, and Other Products
CISA has published a series of advisories covering vulnerabilities in Siemens industrial products, including session hijacking in SIPROTEC 5, OS command injection in Ruggedcom ROX, and multiple flaws in SIMATIC S7 PLCs and other ICS devices.

CISA has released a batch of Industrial Control Systems (ICS) advisories covering vulnerabilities across a wide range of Siemens products, including SIPROTEC 5 protection devices, SIMATIC HMI panels, Ruggedcom ROX routers, SIMATIC S7 PLCs, and several other industrial control products. The advisories detail vulnerabilities ranging from session identifier weaknesses to remote code execution flaws.
Among the most notable advisories is ICSA-26-134-13, which describes a vulnerability in SIPROTEC 5 devices (CVE-2024-54017) in which session identifiers are generated from insufficiently random numbers, potentially allowing an unauthenticated remote attacker to hijack a valid user session through brute-force attacks. The affected session identifiers are used only in a subset of endpoints.
Multiple Ruggedcom ROX advisories (ICSA-26-134-02, ICSA-26-134-11, ICSA-26-134-12, ICSA-26-134-16) detail improper access control and input validation vulnerabilities that could allow authenticated remote attackers to read arbitrary files or execute commands with root privileges. Version 2.17.1 addresses these issues across the MX5000, RX1400, RX1500, RX1501, RX1510, and RX1511 models.
The SIMATIC S7 PLC Web Server advisory (ICSA-26-134-15) covers multiple cross-site scripting vulnerabilities (CVE-2026-25786, CVE-2026-25787, CVE-2026-25789) affecting a wide range of PLC models including Drive Controller CPUs, S7-1200, S7-1500, and related products. Siemens has released updated versions for several affected products.
Other advisories cover OS command injection in Universal Robots PolyScope 5 (CVE-2026-8153, CVSS 9.8), HTTP request smuggling in SENTRON 7KT PAC1261 Data Manager (CVSS 9.1), a heap buffer overflow in Simcenter Femap, file parsing vulnerabilities in Solid Edge, and multiple flaws in Teamcenter, Opcenter RDnL, SIMATIC CN 4100, and gWAP. Siemens has released fixes for most affected products and recommends countermeasures where fixes are not yet available.