ICSA-15-176-01  ·  Published 2025-06-06

Siemens Climatix BACnet/IP Communication Module Cross-site Scripting Vulnerability

CVSS 4.3 MEDIUM

CVEs (1)

Remediations

  • Siemens provides firmware update V10.34 for the Climatix BACnet/IP communication module to fix the vulnerability
  • This firmware update can be obtained by registered users at the following location: (https://support.industry.siemens.com/cs/ww/en/view/86192510)
  • The new firmware update includes further security improvements (e.g., web server authentication enabled by default), and Siemens strongly recommends that all users update to this new release
  • For further information please see the release notes of firmware version V10.34
  • As a general security measure, Siemens strongly recommends protecting network access to the Climatix BACnet/IP communication module with appropriate mechanisms
  • For more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-142512 at the following location: (http://www.siemens.com/cert/advisories)

Affected Vendors

Siemens

Affected Products (1)

Siemens · Climatix BACnet/IP communication module, versions < V10.34
