OpenSSL Stack Buffer Overflow (CVE-2025-15467) Affects Multiple Siemens Products
CISA's June 23 ICS advisory relays that a stack-based buffer overflow published by OpenSSL — tracked as CVE-2025-15467 for several listed products — allows a remote attacker to cause denial of service or potentially achi.
At a glance
- An OpenSSL stack-based buffer overflow enabling DoS or potential RCE affects multiple Siemens products.
- Affected products include AI Lightweight Inference Server, HiMed Cockpit and RUGGEDCOM RM1224 LTE(4G), with CVE-2025-15467 cited for several.
- Siemens released fixed versions for several products and is preparing further fixes with interim countermeasures.
VERDICT — CONFIRMED
CISA's June 23 ICS advisory relays that a stack-based buffer overflow published by OpenSSL — tracked as CVE-2025-15467 for several listed products — allows a remote attacker to cause denial of service or potentially achieve remote code execution. Affected Siemens products include the AI Lightweight Inference Server, Connector for Azure, Databus, HiMed Cockpit and RUGGEDCOM RM1224 LTE(4G). Siemens has released new versions for several affected products, is preparing further fixes, and recommends specific countermeasures where updates are not yet available.
Key facts on file
- An OpenSSL stack-based buffer overflow enabling DoS or potential RCE affects multiple Siemens products.
- Affected products include AI Lightweight Inference Server, HiMed Cockpit and RUGGEDCOM RM1224 LTE(4G), with CVE-2025-15467 cited for several.
- Siemens released fixed versions for several products and is preparing further fixes with interim countermeasures.