Our news

  • Siemens RUGGEDCOM APE1808 Devices

    Summary: Nozomi Networks has published information on vulnerabilities in Nozomi Guardian/CMC. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet, available. The following versions of Siemens RUGGEDCOM APE1808 Devices are affected: RUGGEDCOM APE1808


  • Siemens Industrial Edge Device Kit

    Summary: Users of Industrial Edge Devices are advised to consult the respective Security Advisories for their devices (for Siemens Industrial Edge devices see Additional Information). Industrial Edge Device Kit contains an authorization bypass vulnerability that could allow an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Siemens has released new


  • Siemens SIMATIC and SIPLUS products

    Summary: Siemens ET 200SP contains a denial-of-service vulnerability that could be triggered by sending a valid S7 protocol Disconnect Request (COTP DR TPDU), causing the device to become unresponsive and require a power cycle to recover. Siemens has released new versions for several affected products and recommends updating to the latest versions.


  • Siemens TeleControl Server Basic

    Summary: TeleControl Server Basic before V3.1.2.4 contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges. Siemens has released a new version for TeleControl Server Basic and recommends updating to the latest version. The following versions of Siemens TeleControl Server Basic are affected: TeleControl


  • Siemens RUGGEDCOM ROS

    Summary: RUGGEDCOM ROS devices contain a temporary denial-of-service vulnerability that could allow an attacker to crash and restart the device. Siemens has released new versions for the affected products and recommends updating to the latest versions. The following versions of Siemens RUGGEDCOM ROS are affected: RUGGEDCOM RMC8388 V5.X (CVE-2025-40935) RUGGEDCOM


  • AVEVA Process Optimization

    Summary: Successful exploitation of these vulnerabilities could enable an attacker to execute remote code, perform SQL injection, escalate privileges, or access sensitive information. The following versions of AVEVA Process Optimization are affected: Process Optimization (CVE-2025-61937, CVE-2025-64691, CVE-2025-61943, CVE-2025-65118, CVE-2025-64729, CVE-2025-65117, CVE-2025-64769). CVSS v3: 10. Vendor: AVEVA. Equipment: AVEVA Process Optimization. Vulnerabilities: Improper Control


  • Secure Connectivity Principles for Operational Technology (OT)

    CISA and the UK National Cyber Security Centre (NCSC-UK), in collaboration with federal and international partners, have released Secure Connectivity Principles for Operational Technology (OT) guidance to help asset owners address increasing business and regulatory pressures for connectivity into operational technology (OT) networks. This guidance outlines eight principles to use as a framework to design,


  • Rockwell Automation 432ES-IG3 Series A

    Summary: Successful exploitation of this vulnerability could result in a denial-of-service condition. The following versions of Rockwell Automation 432ES-IG3 Series A are affected: 432ES-IG3 Series A (CVE-2025-9368). CVSS v3: 7.5. Vendor: Rockwell Automation. Equipment: Rockwell Automation 432ES-IG3 Series A. Vulnerabilities: Allocation of Resources Without Limits or Throttling. Background: Critical Infrastructure Sectors: Critical Manufacturing


  • YoSmart YoLink Smart Hub

    Summary: Successful exploitation of these vulnerabilities could allow an attacker to remotely control other users’ smart home devices, intercept sensitive data, and hijack sessions. The following versions of YoSmart YoLink Smart Hub are affected: YoSmart server (CVE-2025-59449, CVE-2025-59451), YoLink Smart Hub (CVE-2025-59452), YoLink Mobile Application (CVE-2025-59448). CVSS v3: 5.8. Vendor: YoSmart


  • Rockwell Automation FactoryTalk DataMosaix Private Cloud

    Summary: Successful exploitation of this vulnerability could allow an attacker to perform unauthorized sensitive database operations. The following versions of Rockwell Automation FactoryTalk DataMosaix Private Cloud are affected: FactoryTalk DataMosaix Private Cloud (CVE-2025-12807). CVSS v3: 8.8. Vendor: Rockwell Automation. Equipment: Rockwell Automation
