Siemens Simatic Easie Core Package
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Siemens Simatic Easie Core Package.
By the Year
In 2026 there have been 1 vulnerability in Siemens Simatic Easie Core Package with an average score of 8.8 out of ten. Last year, in 2025 Simatic Easie Core Package had 1 security vulnerability published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Simatic Easie Core Package in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 1.00.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 8.80 |
| 2025 | 1 | 7.80 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 2 | 8.30 |
It may take a day or so for new Simatic Easie Core Package vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Siemens Simatic Easie Core Package Security Vulnerabilities
OpenSSL 3.x CMS AuthEnvelopedData AEAD IV stack overflow (v3.6+)
CVE-2025-15467
8.8 - High
- January 27, 2026
Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.
Memory Corruption
DLL Hijacking in Windows Setup Component Enables RCE
CVE-2025-30033
7.8 - High
- August 12, 2025
The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup component.
DLL preloading
A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00)
CVE-2021-44222
9.1 - Critical
- July 12, 2022
A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The underlying MQTT service of affected systems does not perform authentication in the default configuration. This could allow an unauthenticated remote attacker to send arbitrary messages to the service and thereby issue arbitrary requests in the affected system.
Missing Authentication for Critical Function
A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00)
CVE-2021-44221
7.5 - High
- July 12, 2022
A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The affected systems do not properly validate input that is sent to the underlying message passing framework. This could allow an remote attacker to trigger a denial of service of the affected system.
Improper Input Validation
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Siemens Simatic Easie Core Package or by Siemens? Click the Watch button to subscribe.
