Siemens has issued a security advisory addressing a stack-based buffer overflow vulnerability in OpenSSL that affects more than 80 of its products, spanning industrial routers, switches, wireless access points, and edge computing appliances. The vulnerability, identified as CVE-2025-15467, was originally disclosed by the OpenSSL project and carries the potential for a remote attacker to trigger a denial-of-service condition or, in some scenarios, achieve remote code execution.
Scope of Affected Products
The advisory covers a wide cross-section of the Siemens portfolio. Product families confirmed as affected include:
- RUGGEDCOM RM1224 LTE routers (EU and NAM variants), all versions
- SCALANCE M-series routers (M804PB, M812-1, M816-1, M826-2, M874, M876 families), all versions
- SCALANCE MUB, MUM, and MUM856 cellular router families, all versions
- SCALANCE SC600 security appliances (SC622-2C through SC646-2C), all versions
- SCALANCE WAM and WUM 763/766 wireless access points, all versions
- SCALANCE XC and XR managed switch families, all versions
- SCALANCE LPE9403, LPE9413, LPE9433 edge processing units, all versions
- Connector for Azure, versions prior to 1.8.0
- Databus, versions prior to 3.3.2
- AI Lightweight Inference Server and HiMed Cockpit, all versions
Patches and Mitigations
Siemens has released updated versions for several affected products, including Connector for Azure (version 1.8.0 and later) and Databus (version 3.3.2 and later). For the broader set of SCALANCE, RUGGEDCOM, and other affected devices where fixes are not yet available, Siemens recommends applying specific countermeasures while remediation is prepared. The advisory directs operators to consult Siemens ProductCERT guidance for product-specific mitigation steps.
Recommended Actions
Security teams managing Siemens industrial network infrastructure should prioritize the following steps:
- Update Connector for Azure to version 1.8.0 or later, and Databus to 3.3.2 or later, where applicable.
- Apply vendor-recommended countermeasures on all devices for which patches are not yet released.
- Restrict network access to affected devices, particularly limiting exposure to untrusted remote sources, as the vulnerability is remotely exploitable.
- Monitor Siemens ProductCERT and CISA ICS advisories for updated patch availability across the remaining product lines.
Given the breadth of affected product families and the potential for remote code execution, organizations with Siemens industrial networking equipment should treat this advisory as high priority, even where only a denial-of-service outcome is considered likely in their specific deployment context.
