Multiple Vulnerabilities in Belden NetModule and Siemens Products Enable RCE
CERT-FR issued advisories for multiple vulnerabilities affecting Belden NetModule Router Software and a range of Siemens products. The flaws in Belden NetModule Router Software could allow a remote attacker to execute arbitrary code on affected systems and trigger a remote denial of service, raising concern for organizations that rely on these devices in operational and industrial environments.
A separate CERT-FR notice reported multiple vulnerabilities across Siemens products that could enable remote code execution, privilege escalation, and remote denial of service. While the available notice summary did not list specific product names, CVE identifiers, or patch details, the combined disclosures indicate broad exposure across industrial technology vendors and underscore the need for defenders to identify affected assets and apply vendor guidance as updates become available.
Timeline
Apr 14, 2026
Multiple vulnerabilities disclosed in Siemens products
CERT-FR published an advisory reporting multiple vulnerabilities affecting Siemens products. The notice said the flaws could enable remote arbitrary code execution, privilege escalation, and remote denial of service, though the provided content did not name specific products or patches.
Apr 2, 2026
Multiple vulnerabilities disclosed in Belden NetModule Router Software
CERT-FR published an advisory stating that multiple vulnerabilities were discovered in Belden NetModule Router Software. According to the notice, the flaws could allow remote arbitrary code execution and remote denial of service on affected systems.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Organizations
Sources
Related Stories
Siemens SICAM 8 Flaws Expose OT Devices to Denial-of-Service
Siemens disclosed multiple vulnerabilities in **SICAM 8** industrial control system products affecting **CPCI85 Central Processing/Communication**, **RTUM85 RTU Base**, and the **SICORE Base system**, with vulnerable versions identified as releases prior to **V26.10** or **V26.10.0** depending on the product. The issues are tracked as **`CVE-2026-27663`** and **`CVE-2026-27664`**, and can allow denial-of-service conditions in operational technology environments. Siemens published advisory **`SSA-246443`**, while the Canadian Centre for Cyber Security and CISA both urged asset owners to review the vendor guidance and apply the recommended updates. According to CISA, **`CVE-2026-27663`** is a resource exhaustion flaw in remote operation mode that can block parameterization and may require a reset or reboot, while **`CVE-2026-27664`** is an out-of-bounds write triggered by specially crafted XML input that can crash the affected service. Siemens has released fixed versions and advised organizations to validate patches before deployment and harden network access with segmentation, firewalls, and VPNs; CISA further recommended minimizing internet exposure of control systems and isolating OT networks from business networks to reduce the risk of disruption.
1 months ago
Siemens Issues Security Updates for Multiple Industrial and Engineering Products
**Siemens published security advisories for multiple products**, prompting both CISA ICS advisories and a Canadian Centre for Cyber Security alert covering a broad set of affected industrial/engineering software and OT-adjacent components. Reported issues include a **stored XSS** in *Siemens Polarion* (CVE-2025-40587; CVSS 7.6) where authenticated users can inject JavaScript via crafted document titles, and **local privilege escalation** paths in *Siemens SINEC NMS* and its *User Management Component (UMC)* (CVE-2026-25655, CVE-2026-25656; CVSS 7.8) that allow low-privileged users to modify configuration/search paths to load malicious DLLs and potentially gain elevated execution (including SYSTEM-level impact). Siemens also addressed a **missing authorization** condition affecting *Siveillance Video Management Servers* Webhooks/MIP Webhooks API (CVSS 6.3), enabling a read-only user to obtain full API access. Additional advisories cover file-parsing and third-party component risks that can lead to crashes or potential code execution. *Siemens NX* is affected by multiple **CGM file parsing** flaws (CVE-2026-22923/22924/22925; CVSS 7.8) that can be triggered when a user opens a malicious file, and *Siemens Solid Edge* includes an **out-of-bounds read** in the PS/IGES Parasolid translator when processing crafted IGS files (CVSS 7.8). *Desigo CC* and *SENTRON Powermanager* are impacted via the third-party *WIBU Systems CodeMeter Runtime* chain tied to **CVE-2023-38545** (curl SOCKS5 heap overflow; CVSS 8.8), with Siemens providing component update instructions. *Siemens SINEC OS* before V3.3 aggregates a large set of third-party CVEs across supported platforms, and *Siemens COMOS* advisories include multiple issues (up to CVSS 10) spanning potential code execution, DoS, data exposure, and access control violations; Siemens recommends updating where fixes are available and applying countermeasures where they are not yet released.
1 weeks ago
Authentication Bypass Vulnerability in Siemens SIMATIC CP and SIPLUS ET 200SP Devices
A critical authentication bypass vulnerability, tracked as CVE-2025-40771 with a CVSS score of 9.8, has been discovered in Siemens SIMATIC CP and SIPLUS ET 200SP industrial communication modules. The flaw affects multiple device models, including SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, CP 1543SP-1, as well as SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL, CP 1543SP-1 ISEC, and CP 1543SP-1 ISEC TX RAIL, specifically all versions prior to V2.4.24. The vulnerability arises from improper authentication of configuration connections, which allows unauthenticated remote attackers to gain access to sensitive configuration data on affected devices. This issue is particularly severe because it does not require any prior authentication, enabling attackers to exploit the flaw remotely without credentials. The vulnerability could be leveraged to compromise the integrity and confidentiality of industrial control systems that rely on these modules for network communication. Siemens has acknowledged the vulnerability and has released advisories to inform customers of the affected product versions. The flaw was reported by Siemens ProductCERT, and the company has urged users to update to the latest firmware version (V2.4.24 or later) to mitigate the risk. Exploitation of this vulnerability could allow attackers to alter device configurations, potentially disrupting industrial processes or enabling further attacks within operational technology environments. The vulnerability is considered critical due to the widespread use of these modules in industrial automation and the potential impact on critical infrastructure. Security researchers have highlighted the risk of remote exploitation, emphasizing the need for immediate patching and network segmentation to protect vulnerable devices. Organizations are advised to review their asset inventories to identify affected devices and prioritize remediation efforts. In addition to patching, Siemens recommends implementing network security best practices, such as restricting access to configuration interfaces and monitoring for unauthorized connection attempts. The disclosure of CVE-2025-40771 underscores the ongoing challenges in securing industrial control systems against remote attacks. The vulnerability was publicly disclosed in mid-October 2025, and security advisories have been disseminated to raise awareness among industrial operators. The incident highlights the importance of timely vulnerability management and the need for robust authentication mechanisms in critical infrastructure devices. Failure to address this vulnerability could result in significant operational disruptions and potential safety risks in industrial environments. The security community continues to monitor for signs of exploitation in the wild, and organizations are encouraged to stay informed about further updates from Siemens and relevant CERTs.
1 months ago