製品・ソフトウェアに関する情報

Vulnerability Search

ベンダー検索

Product/Service Search

JVN Vulnerability Search Top

->

JVN脆弱性詳細

Siemens製品に対するアップデート（2026年5月）

Title	Siemens製品に対するアップデート（2026年5月）
Summary	新規：18件<ul><li><a href='https://cert-portal.siemens.com/productcert/html/ssa-032379.html' target='_blank'>SSA-032379: Multiple Vulnerabilities in SIMATIC CN 4100 Before V5.0</a></li><li><a href='https://cert-portal.siemens.com/productcert/html/ssa-078743.html' target='_blank'>SSA-078743: Remote Code Execution Vulnerability in Ruggedcom Rox Before V2.17.1</a></li><li><a href='https://cert-portal.siemens.com/productcert/html/ssa-081142.html' target='_blank'>SSA-081142: Arbitrary Code Execution Vulnerability in Ruggedcom Rox Before 2.17.1</a></li><li><a href='https://cert-portal.siemens.com/productcert/html/ssa-085541.html' target='_blank'>SSA-085541: Missing Authentication in Critical Function in ActiveMQ Artemis (CVE-2026-27446) in Opcenter RDnL</a></li><li><a href='https://cert-portal.siemens.com/productcert/html/ssa-357982.html' target='_blank'>SSA-357982: Path Traversal Vulnerability in ROS# Before 2.2.2</a></li><li><a href='https://cert-portal.siemens.com/productcert/html/ssa-387223.html' target='_blank'>SSA-387223: Unauthenticated Control Panel Escape Vulnerability on SIMATIC HMI Unified Comfort before V21.0</a></li><li><a href='https://cert-portal.siemens.com/productcert/html/ssa-392349.html' target='_blank'>SSA-392349: Denial of Service Vulnerability in Industrial Devices</a></li><li><a href='https://cert-portal.siemens.com/productcert/html/ssa-545643.html' target='_blank'>SSA-545643: Multiple Vulnerabilities in KACO Blueplanet Inverters</a></li><li><a href='https://cert-portal.siemens.com/productcert/html/ssa-577017.html' target='_blank'>SSA-577017: Multiple Vulnerabilities in Ruggedcom Rox Before 2.17.1</a></li><li><a href='https://cert-portal.siemens.com/productcert/html/ssa-688146.html' target='_blank'>SSA-688146: Multiple Cross-Site Scripting Vulnerabilities in SIMATIC S7 PLCs Web Server</a></li><li><a href='https://cert-portal.siemens.com/productcert/html/ssa-783943.html' target='_blank'>SSA-783943: HTTP Request Smuggling Vulnerability in SENTRON 7KT PAC1261 Data Manager Before V2.1.0</a></li><li><a href='https://cert-portal.siemens.com/productcert/html/ssa-786884.html' target='_blank'>SSA-786884: Insufficient Randomness in Session Identifier Vulnerability in SIPROTEC 5</a></li><li><a href='https://cert-portal.siemens.com/productcert/html/ssa-827383.html' target='_blank'>SSA-827383: Multiple Vulnerabilities in Teamcenter</a></li><li><a href='https://cert-portal.siemens.com/productcert/html/ssa-870926.html' target='_blank'>SSA-870926: Datakit Vulnerability in Simcenter Femap</a></li><li><a href='https://cert-portal.siemens.com/productcert/html/ssa-876049.html' target='_blank'>SSA-876049: Prototype Pollution Vulnerability in Axios Library Affecting Siemens gWAP Before V3.1.1</a></li><li><a href='https://cert-portal.siemens.com/productcert/html/ssa-921111.html' target='_blank'>SSA-921111: Two File Parsing Vulnerabilities in Solid Edge Before version SE225 Update 5</a></li><li><a href='https://cert-portal.siemens.com/productcert/html/ssa-967325.html' target='_blank'>SSA-967325: Buffer Overflow Vulnerability in Palo Alto Networks PAN-OS on RUGGEDCOM APE1808 Devices</a></li><li><a href='https://cert-portal.siemens.com/productcert/html/ssa-973901.html' target='_blank'>SSA-973901: Arbitrary File Disclosure Vulnerability in Ruggedcom Rox Before V2.17.1</a></li></ul>更新：11件<ul><li><a href='https://cert-portal.siemens.com/productcert/html/ssa-001536.html' target='_blank'>SSA-001536: Authorization Bypass Vulnerability in Siemens Industrial Edge Devices</a></li><li><a href='https://cert-portal.siemens.com/productcert/html/ssa-082556.html' target='_blank'>SSA-082556: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1.5</a></li><li><a href='https://cert-portal.siemens.com/productcert/html/ssa-216014.html' target='_blank'>SSA-216014: Vulnerabilities in EFI variable of SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs</a></li><li><a href='https://cert-portal.siemens.com/productcert/html/ssa-265688.html' target='_blank'>SSA-265688: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1</a></li><li><a href='https://cert-portal.siemens.com/productcert/html/ssa-280834.html' target='_blank'>SSA-280834: Improper OpenVPN Credential Validation Vulnerability in SCALANCE M-800 and SC-600 Families</a></li><li><a href='https://cert-portal.siemens.com/productcert/html/ssb-295699.html' target='_blank'>SSB-295699: Configuration of Microsoft Defender Antivirus for SIMATIC PCS 7 and SIMATIC PCS neo</a></li><li><a href='https://cert-portal.siemens.com/productcert/html/ssa-452276.html' target='_blank'>SSA-452276: Eval Injection Vulnerability in SIMATIC S7-1500</a></li><li><a href='https://cert-portal.siemens.com/productcert/html/ssa-723487.html' target='_blank'>SSA-723487: RADIUS Protocol Susceptible to Forgery Attacks (CVE-2024-3596) - Impact to SCALANCE, RUGGEDCOM and Related Products</a></li><li><a href='https://cert-portal.siemens.com/productcert/html/ssa-827968.html' target='_blank'>SSA-827968: Vulnerability in Nozomi Guardian/CMC Before V26.2.0 on RUGGEDCOM APE1808 Devices</a></li><li><a href='https://cert-portal.siemens.com/productcert/html/ssa-904646.html' target='_blank'>SSA-904646: Sensitive Data Exposure Vulnerability in SIPROTEC 5 Devices</a></li><li><a href='https://cert-portal.siemens.com/productcert/html/ssa-975644.html' target='_blank'>SSA-975644: Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices</a></li></ul>
Possible impacts	Siemensのアドバイザリを参照してください。
Solution	Siemensのアドバイザリを参照してください。
Publication Date	May 13, 2026, midnight
Registration Date	May 14, 2026, 5:11 p.m.
Last Update	May 14, 2026, 5:11 p.m.

Affected System

シーメンス

(複数の製品)

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2024-3596	https://www.cve.org/CVERecord?id=CVE-2024-3596
2	CVE-2026-27446	https://www.cve.org/CVERecord?id=CVE-2026-27446

その他

No	Name	URL
JVN
1	JVNVU#99296478	https://jvn.jp/vu/JVNVU99296478/index.html

Change Log

No	Changed Details	Date of change
1	[2026年05月14日] 掲載	May 14, 2026, 5:11 p.m.

NVD Vulnerability Information

CVE-2024-3596

Summary	RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
Publication Date	July 9, 2024, 9:15 p.m.
Registration Date	July 10, 2024, 10:02 a.m.
Last Update	Nov. 21, 2024, 6:29 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	http://www.openwall.com/lists/oss-security/2024/07/09/4
2	http://www.openwall.com/lists/oss-security/2024/07/09/4
3	https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/
4	https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/
5	https://datatracker.ietf.org/doc/html/rfc2865
6	https://datatracker.ietf.org/doc/html/rfc2865
7	https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf
8	https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf
9	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014
10	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014
11	https://security.netapp.com/advisory/ntap-20240822-0001/
12	https://today.ucsd.edu/story/computer-scientists-discover-vulnerabilities-in-a-popular-security-protocol
13	https://www.blastradius.fail/
14	https://www.blastradius.fail/

Common Vulnerabilities List