Serial number: AV26-566
Date: June 9, 2026
On June 9, 2026, Siemens published a security advisory to address vulnerabilities in the following products. Included were updates for the following products:
- SINEC INS – versions prior to V1.0 SP2 Update 6
- Siemens Products – multiple versions and models
- SIPROTEC 5 - CP100 / CP150 / CP200 / CP300 / Devices – all versions
- SIPROTEC 5 Compact 7SX800 (CP050) – all versions
- Totally Integrated Automation Portal (TIA Portal) – all versions
The Cyber Centre encourages users and administrators to review the web links provided, perform the suggested mitigations and apply the necessary updates.
- SSA-860189: Multiple Vulnerabilities in SINEC INS Before V1.0 SP2 Update 6
- SSA-434797: Buffer Overflow Vulnerability in OpenSSL affecting Siemens Products
- SSA-139483: File Upload Vulnerability in SIPROTEC 5 Using DIGSI5 Protocol
- SSA-063511: Insufficient protection of key material in WinCC Certificate Manager
- Siemens Security Advisories