Siemens Products using OpenSSL
View CSAF Summary OpenSSL has published a stack based buffer overflow vulnerability that allows a remote attacker to cause a denial of service (DoS) or potentially allow for remote code execution. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available. The following versions of Siemens Products using OpenSSL are affected: AI Lightweight Inference Server vers:all/* (CVE-2025-15467) Connector for Azure vers:intdot/<1.8.0 (CVE-2025-15467) Databus vers:intdot/<3.3.2 (CVE-2025-15467) HiMed Cockpit vers:all/* (CVE-2025-15467) RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) vers:all/* (CVE-2025-15467) RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) vers:all/* (CVE-2025-15467) SCALANCE LPE9403 (6GK5998-3GS00-2AC2) vers:all/* (CVE-2025-15467) SCALANCE LPE9413 (6GK5998-3GS01-2AC2) vers:all/* (CVE-2025-15467) SCALANCE LPE9433 (6GK5998-3GS11-2AC2) vers:all/* (CVE-2025-15467) SCALANCE M804PB (6GK5804-0AP00-2AA2) vers:all/* (CVE-2025-15467) SCALANCE M812-1 ADSL-Router family vers:all/* (CVE-2025-15467) SCALANCE M816-1 ADSL-Router family vers:all/* (CVE-2025-15467) SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) vers:all/* (CVE-2025-15467) SCALANCE M874-2 (6GK5874-2AA00-2AA2) vers:all/* (CVE-2025-15467) SCALANCE M874-3 (6GK5874-3AA00-2AA2) vers:all/* (CVE-2025-15467) SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) vers:all/* (CVE-2025-15467) SCALANCE M876-3 (6GK5876-3AA02-2BA2) vers:all/* (CVE-2025-15467) SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) vers:all/* (CVE-2025-15467) SCALANCE M876-4 (6GK5876-4AA10-2BA2) vers:all/* (CVE-2025-15467) SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) vers:all/* (CVE-2025-15467) SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) vers:all/* (CVE-2025-15467) SCALANCE MUB852-1 (A1) (6GK5852-1EA10-1AA1) vers:all/* (CVE-2025-15467) SCALANCE MUB852-1 (B1) (6GK
CSIRTS triage
- What
- A stack-based buffer overflow vulnerability could lead to denial of service or remote code execution.
- Who is affected
- Users of Siemens products utilizing OpenSSL.
- Urgency
- Remediation is urgent due to the potential for severe exploitation.
- Action
- Update to the latest versions of affected Siemens products.
AI-assisted analysis generated from the source advisory — verify against the original.
Details
Original advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-26-174-03
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Elevated exploitation riskCVE-2025-1546747.6% 30-day exploitation probability — well above the norm. Schedule remediation this cycle. Riskier than 99% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2025-15467 | coverage & exploitation status | NVD · CVE.org |
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- unknownMultiple vulnerabilities in IBM products (June 26, 2026)cert-fr-avis
- unknownMultiple vulnerabilities in Tenable Identity Exposure (June 24, 2026)cert-fr-avis
More from CISA Cybersecurity Advisories
- highCISA Adds Two Known Exploited Vulnerabilities to Catalog2026-07-10
- criticalSchneider Electric PowerChute Serial Shutdown2026-07-09
- criticalOpenPLC v32026-07-09
- criticalSchneider Electric Easergy MiCOM Px40 Series2026-07-09
- highCISA Adds One Known Exploited Vulnerability to Catalog2026-07-07