CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

Siemens SINEC OS

criticalCVE-2025-1352CVE-2025-1376CVE-2025-6052CVE-2025-6141CVE-2025-6170CVE-2025-7039
View CSAF Summary SINEC OS before V4.0 contains multiple vulnerabilities. Siemens has released a new version for RUGGEDCOM RST2428P and recommends to update to the latest version. The following versions of Siemens SINEC OS are affected: RUGGEDCOM RST2428P (6GK6242-6PA00) vers:intdot/<4.0 CVSS Vendor Equipment Vulnerabilities v3 9.8 Siemens Siemens SINEC OS Improper Restriction of Operations within the Bounds of a Memory Buffer, Improper Resource Shutdown or Release, Integer Overflow or Wraparound, Stack-based Buffer Overflow, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Uncontrolled Recursion, Out-of-bounds Read, Covert Timing Channel, Improper Input Validation, Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), Improper Update of Reference Count, Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'), Multiple Releases of Same Resource or Handle, Permissive Regular Expression, Expired Pointer Dereference, Incorrect Bitwise Shift of Integer, Out-of-bounds Write, User Interface (UI) Misrepresentation of Critical Information, Improper Access Control, Insertion of Sensitive Information Into Sent Data, Inefficient Algorithmic Complexity, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Authentication Bypass by Primary Weakness, NULL Pointer Dereference, Active Debug Code, Loop with Unreachable Exit Condition ('Infinite Loop'), Missing Synchronization, External Control of File Name or Path, Privilege Dropping / Lowering Errors, Use of Web Browser Cache Containing Sensitive Information Background Critical Infrastructure Sectors: Critical Manufacturing, Transportation Systems, Energy, Healthcare and Public Health, Financial Services, Government Services and Facilities Countries/Areas Deployed: Worldwide Company Headquarters Location: Germany Vulnerabilities Expand All + CVE-2025-1352 A vulnerability has been found in GNU elfut

CSIRTS triage

What
Multiple vulnerabilities could allow various attacks including privilege escalation and denial of service.
Who is affected
Deployments of SINEC OS versions before 4.0.
Urgency
Remediation is urgent due to the critical CVSS score and multiple attack vectors.
Action
Update to the latest version of SINEC OS.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch SINEC OS

Get an email when a new SINEC OS advisory drops — max one per day, one-click unsubscribe.

Details

Source
CISA Cybersecurity Advisories (US · national-cert · site)
Severity
critical
Published
2026-07-07
Exploitation
Not in CISA KEV at last sync

Original advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-26-188-05

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2025-1352coverage & exploitation statusNVD · CVE.org
CVE-2025-1376coverage & exploitation statusNVD · CVE.org
CVE-2025-6052coverage & exploitation statusNVD · CVE.org
CVE-2025-6141coverage & exploitation statusNVD · CVE.org
CVE-2025-6170coverage & exploitation statusNVD · CVE.org
CVE-2025-7039coverage & exploitation statusNVD · CVE.org
CVE-2025-8732coverage & exploitation statusNVD · CVE.org
CVE-2025-9086coverage & exploitation statusNVD · CVE.org
CVE-2025-9230coverage & exploitation statusNVD · CVE.org
CVE-2025-9231coverage & exploitation statusNVD · CVE.org
CVE-2025-9232coverage & exploitation statusNVD · CVE.org
CVE-2025-10966coverage & exploitation statusNVD · CVE.org
CVE-2025-13465coverage & exploitation statusNVD · CVE.org
CVE-2025-13601coverage & exploitation statusNVD · CVE.org
CVE-2025-39913coverage & exploitation statusNVD · CVE.org
CVE-2025-40214coverage & exploitation statusNVD · CVE.org
CVE-2025-40248coverage & exploitation statusNVD · CVE.org
CVE-2025-40250coverage & exploitation statusNVD · CVE.org
CVE-2025-40251coverage & exploitation statusNVD · CVE.org
CVE-2025-40252coverage & exploitation statusNVD · CVE.org
CVE-2025-40254coverage & exploitation statusNVD · CVE.org
CVE-2025-40257coverage & exploitation statusNVD · CVE.org
CVE-2025-40258coverage & exploitation statusNVD · CVE.org
CVE-2025-40261coverage & exploitation statusNVD · CVE.org
CVE-2025-40262coverage & exploitation statusNVD · CVE.org
CVE-2025-40263coverage & exploitation statusNVD · CVE.org
CVE-2025-40264coverage & exploitation statusNVD · CVE.org
CVE-2025-40271coverage & exploitation statusNVD · CVE.org
CVE-2025-40278coverage & exploitation statusNVD · CVE.org
CVE-2025-40280coverage & exploitation statusNVD · CVE.org
CVE-2025-40281coverage & exploitation statusNVD · CVE.org
CVE-2025-40345coverage & exploitation statusNVD · CVE.org
CVE-2025-46394coverage & exploitation statusNVD · CVE.org
CVE-2025-49794coverage & exploitation statusNVD · CVE.org
CVE-2025-49795coverage & exploitation statusNVD · CVE.org
CVE-2025-49796coverage & exploitation statusNVD · CVE.org
CVE-2025-60876coverage & exploitation statusNVD · CVE.org
CVE-2025-66035coverage & exploitation statusNVD · CVE.org
CVE-2025-66382coverage & exploitation statusNVD · CVE.org
CVE-2025-66412coverage & exploitation statusNVD · CVE.org
CVE-2025-69720coverage & exploitation statusNVD · CVE.org
CVE-2025-71185coverage & exploitation statusNVD · CVE.org
CVE-2025-71186coverage & exploitation statusNVD · CVE.org
CVE-2025-71188coverage & exploitation statusNVD · CVE.org
CVE-2025-71189coverage & exploitation statusNVD · CVE.org
CVE-2025-71190coverage & exploitation statusNVD · CVE.org
CVE-2025-71191coverage & exploitation statusNVD · CVE.org
CVE-2026-1484coverage & exploitation statusNVD · CVE.org

+29 more CVEs referenced in this advisory.

Same CVEs, other sources

How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.

More from CISA Cybersecurity Advisories