What is CVE-2021-39275 in Siemens products?

CVE-2021-39275 is a critical out-of-bounds write vulnerability with CVSS score 9.8. The ap_escape_quotes() function may write beyond the end of a buffer when given malicious input, potentially enabling remote code execution on affected Siemens industrial network management systems.

What is CVE-2021-40438 affecting Siemens systems?

CVE-2021-40438 is a server-side request forgery vulnerability with CVSS score 9.0. A crafted request URI-path can cause mod_proxy to forward requests to origin servers chosen by remote attackers, potentially compromising network security in industrial environments.

What is CVE-2021-34798 in Siemens industrial products?

CVE-2021-34798 is a NULL pointer dereference vulnerability with CVSS score 7.5. Malformed requests may cause the server to dereference a NULL pointer, leading to denial-of-service conditions that could disrupt industrial network operations.

Which Siemens products are affected by these vulnerabilities?

The affected Siemens products include RUGGEDCOM NMS (all versions when using device firmware upgrade mechanism), SINEC NMS (versions prior to V1.0.3), SINEMA Remote Connect Server (versions prior to V3.1), and SINEMA Server V14 (all versions).

Are fixes available for all affected Siemens products?

No, fixes are not available for all products. SINEC NMS V1.0.3 and later, and SINEMA Remote Connect Server V3.1 and later are not affected. However, RUGGEDCOM NMS and SINEMA Server V14 are marked as having no fix planned at the time of the advisory.

What causes these vulnerabilities in Siemens industrial products?

The vulnerabilities stem from Apache HTTP Server software versions 2.4.48 and earlier that are embedded within Siemens' industrial networking products. This represents a supply chain security issue where third-party component vulnerabilities affect industrial control systems.

What should organizations do about these Siemens vulnerabilities?

Organizations should immediately update to SINEC NMS V1.0.3 or later and SINEMA Remote Connect Server V3.1 or later where fixes are available. For products without fixes (RUGGEDCOM NMS and SINEMA Server V14), operators must apply network restrictions and other compensating controls.

What mitigation strategies are recommended for Siemens products without fixes?

For RUGGEDCOM NMS and SINEMA Server V14 with no planned fixes, operators should implement network restrictions, access controls, firewall rules to limit exposure, monitor for suspicious activity, and apply defense-in-depth strategies to reduce attack surface until fixes become available.

What is the impact potential of these Siemens industrial vulnerabilities?

The impact potential is severe, with CVSS scores ranging from 7.5 to 9.8. Attackers could potentially achieve remote code execution, perform server-side request forgery attacks, or cause denial-of-service conditions that could disrupt critical industrial operations and compromise industrial network security.

Advisory

Critical Apache HTTP Server vulnerabilities reported in Siemens Industrial Network Management Systems

Q: What are the Siemens industrial network management vulnerabilities?

Siemens has disclosed critical security vulnerabilities affecting multiple industrial network management products, including RUGGEDCOM NMS, SINEC NMS, and SINEMA systems. The vulnerabilities were identified in Apache HTTP Server software versions 2.4.48 and earlier, which are embedded within these Siemens industrial networking products.

published: Sept. 16, 2025

Take action: If you're using Siemens industrial network products, make sure they are isolated from the internet and accessible only from trusted networks. Then plan update for SINEC NMS to V1.0.3+ and SINEMA Remote Connect Server to V3.1+. For RUGGEDCOM NMS and SINEMA Server V14 there are no planned fixes. All you can do isolate them, then check with the vendor again.

Learn More

CISA warns of critical security vulnerabilities affecting multiple Siemens industrial network management products, including RUGGEDCOM NMS, SINEC NMS, and SINEMA systems.

The vulnerabilities were identified in Apache HTTP Server software versions 2.4.48 and earlier, which are embedded within Siemens' industrial networking products.

Vulnerabilities summary:

CVE-2021-39275 (CVSS score 9.8) - Out-of-bounds Write . The ap_escape_quotes() function may write beyond the end of a buffer when given malicious input, potentially enabling remote code execution.
CVE-2021-40438 (CVSS score 9.0) - Server-Side Request Forgery. A crafted request URI-path can cause mod_proxy to forward requests to origin servers chosen by remote attackers.
CVE-2021-34798 (CVSS score 7.5) - NULL Pointer Dereference. Malformed requests may cause the server to dereference a NULL pointer, leading to denial-of-service conditions.

The affected Siemens products and versions include:

RUGGEDCOM NMS (all versions when using the device firmware upgrade mechanism),
SINEC NMS (versions prior to V1.0.3),
SINEMA Remote Connect Server (versions prior to V3.1),
SINEMA Server V14 (all versions). For some products, Siemens has released updates, while others currently have no fix planned and must rely on compensating controls

Versions that are not affected include SINEC NMS V1.0.3 and later versions, and SINEMA Remote Connect Server V3.1 and later versions. RUGGEDCOM NMS and SINEMA Server V14 are marked as having no fix planned at the time of the advisory, requiring operators to apply network restrictions and other mitigations

Critical Apache HTTP Server vulnerabilities reported in Siemens Industrial Network Management Systems

Read More
Germany’s CERT@VDE reports critical flaws in mbNET.mini and …
Siemens releases January patch, including fixes for 7 …
Multiple vulnerabilities reported in Hitachi Energy Asset Suite, …
Mirai Botnet variant exploits TBK DVR Devices flaw
Critical vulnerabilities patched in CyberData 011209 SIP Emergency …