ICSA-26-160-02 · Published 2026-06-09 · View on CISA ICS-CERT ↗

Siemens KACO Blueplanet Inverters

CVSS 8.3 HIGH

Risk Summary

KACO blueplanet Inverters contain multiple vulnerabilities that could allow an attacker to derive the credentials from the devices serial number and misuse them to gain unauthorized access. KACO new energy GmbH has released new versions for several affected products and recommends to update to the latest versions. KACO new energy GmbH is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.

CVEs (2)

CVE-2025-40946 CVE-2026-41125

Remediations

Currently no fix is planned
Currently no fix is available
Update to V3.91 or later version
Update to V6.1.4.9 or later version

Affected Vendors

Siemens

Affected Products (41)

Siemens · blueplanet 100 NX3 M8 vers:all/*

Siemens · blueplanet 100 TL3 GEN2 vers:all/*

Siemens · blueplanet 100 TL3 GEN2 vers:intdot/<6.1.4.9

Siemens · blueplanet 105 TL3 vers:all/*

Siemens · blueplanet 105 TL3 GEN2 vers:all/*

Siemens · blueplanet 105 TL3 GEN2 vers:intdot/<6.1.4.9

Siemens · blueplanet 110 TL3 vers:all/*

Siemens · blueplanet 125 NX3 M11 vers:all/*

Siemens · blueplanet 125 TL3 vers:all/*

Siemens · blueplanet 125 TL3 GEN2 vers:all/*

Siemens · blueplanet 125 TL3 GEN2 vers:intdot/<6.1.4.9

Siemens · blueplanet 137 TL3 vers:all/*

Siemens · blueplanet 150 TL3 vers:all/*

Siemens · blueplanet 150 TL3 GEN2 vers:all/*

Siemens · blueplanet 150 TL3 GEN2 vers:intdot/<6.1.4.9

Siemens · blueplanet 155 TL3 vers:all/*

Siemens · blueplanet 155 TL3 GEN2 vers:all/*

Siemens · blueplanet 155 TL3 GEN2 vers:intdot/<6.1.4.9

Siemens · blueplanet 165 TL3 vers:all/*

Siemens · blueplanet 165 TL3 GEN2 vers:all/*

Siemens · blueplanet 165 TL3 GEN2 vers:intdot/<6.1.4.9

Siemens · blueplanet 25.0 NX3-33.0 NX3 vers:all/*

Siemens · blueplanet 3.0 NX3-20.0 NX3 vers:all/*

Siemens · blueplanet 3.0 TL3-60.0 TL3 vers:all/*

Siemens · blueplanet 3.0-5.0 NX1 vers:all/*

Siemens · blueplanet 360 NX3 M6 vers:all/*

Siemens · blueplanet 50.0 NX3-60.0 NX3 vers:all/*

Siemens · blueplanet 87.0 TL3 vers:all/*

Siemens · blueplanet 87.0 TL3 GEN2 vers:all/*

Siemens · blueplanet 87.0 TL3 GEN2 vers:intdot/<6.1.4.9

Siemens · blueplanet 92.0 TL3 vers:all/*

Siemens · blueplanet 92.0 TL3 GEN2 vers:all/*

Siemens · blueplanet 92.0 TL3 GEN2 vers:intdot/<6.1.4.9

Siemens · blueplanet gridsafe 110 TL3-S vers:intdot/<3.91

Siemens · blueplanet gridsafe 110 TL3-S vers:all/*

Siemens · blueplanet gridsafe 137 TL3-S vers:intdot/<3.91

Siemens · blueplanet gridsafe 137 TL3-S vers:all/*

Siemens · blueplanet gridsafe 92.0 TL3-S vers:all/*

Siemens · blueplanet gridsafe 92.0 TL3-S vers:intdot/<3.91

Siemens · blueplanet hybrid 10.0 TL3 vers:all/*

Siemens · blueplanet hybrid 6.0 NH3-12.0 NH3 vers:all/*

Affected Sectors

Energy

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more