Zero Day MonitorZDM

← Back to list

EST

PRE-CVEPATCHED

siemens · sinec ins, siprotec 5, siprotec 5 compact 7sx800, totally integrated automation portal (tia portal)

Multiple Vulnerabilities in Siemens Control Systems Products

72% confidence

Description

Multiple vulnerabilities have been identified in Siemens products including SINEC INS prior to V1.0 SP2 Update 6, SIPROTEC 5 devices, SIPROTEC 5 Compact 7SX800, and Totally Integrated Automation Portal (TIA Portal). These include buffer overflow in OpenSSL affecting Siemens products, file upload vulnerability in SIPROTEC 5 using DIGSI5 protocol, and insufficient protection of key material in WinCC Certificate Manager.

Affected Products

Vendor	Product	Versions
siemens	sinec ins, siprotec 5, siprotec 5 compact 7sx800, totally integrated automation portal (tia portal)	SINEC INS prior to V1.0 SP2 Update 6, all versions of SIPROTEC 5 CP100 / CP150 / CP200 / CP300 / Devices, all versions of SIPROTEC 5 Compact 7SX800 (CP050), all versions of Totally Integrated Automation Portal (TIA Portal)

Related News (1 articles)

Tier B

CCCS Canada2h ago

[Control systems] Siemens security advisory (AV26-566)

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

Patch available

V1.0 SP2 Update 6 for SINEC INS

PublishedJun 9, 2026

Last enriched2h ago

Tags

buffer overflowfile upload vulnerabilityinsufficient key protectioncontrol systemsindustrial automation

Trending Score20

Source articles1

Independent1

Info Completeness6/14

Missing: cve_id, cvss, epss, cwe, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

MEDIUMCVE-2025-40808EXP

CVE-2025-40808: A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions),

HIGHCVE-2026-46746EXP

CVE-2026-46746: A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The application does not properly s

HIGHCVE-2026-46748EXP

CVE-2026-46748: A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected system includes a bina

MEDIUMCVE-2026-46747EXP

CVE-2026-46747: A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application does not p

HIGHCVE-2026-24349

CVE-2026-24349: A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 (All versions), SIMATIC WinCC Unified PC Run

Pin to Dashboard

Verification

State: reported

Confidence: 72%

Vulnerability Timeline

CVE Published

Jun 9, 2026

Patch Available

Jun 9, 2026

Discovered by ZDM

Jun 9, 2026