Company Details
siemenssoftware
20,067
899,505
5112
siemens.com
0
SIE_8821907
In-progress


Siemens Digital Industries Software Vendor Cyber Rating & Cyber Score
siemens.com
We help organizations of all sizes digitally transform using software, hardware and services from the Siemens Xcelerator business platform. Our software and the comprehensive digital twin enable companies to optimize their design, engineering and manufacturing processes to turn today's ideas into the sustainable products of the future. From chips to entire systems, from product to process, across all industries. We help transform the everyday as part of @Siemens. To learn more, visit http://sw.siemens.com.
Between 750 and 799

SDIS Global Score (TPRM)XXXX

Description: A ransomware group, J Group, claimed a major breach of Dimensional Control Systems (DCS), a Michigan-based provider of dimensional engineering software critical to manufacturing giants like Boeing, Samsung, Volkswagen, and Airbus. The attackers allegedly exfiltrated 11GB of sensitive data, including financial records, employee information, and proprietary operational documents, posting samples on the dark web as leverage for ransom demands. The breach poses severe risks to supply chain security, potentially exposing intellectual property (e.g., aerospace designs, manufacturing tolerances) and disrupting operations for high-profile clients. Boeing’s involvement raises national security concerns due to its defense contracts, while Samsung’s prior breaches compound vulnerabilities. Though DCS has not publicly confirmed the attack, cybersecurity experts warn of cascading risks including regulatory fines (e.g., GDPR for Volkswagen), legal actions, and reputational damage if client data was compromised. The incident underscores the growing threat of third-party vendor attacks, where a single breach can jeopardize an entire industrial ecosystem.
Description: Siemens has disclosed a critical vulnerability in SINAMICS S200 drive systems that could lead to a complete system compromise. The vulnerability, tracked as CVE-2024-56336, exposes affected devices to unauthorized manipulation of industrial processes, equipment damage, disruptions, and data theft due to an unlocked bootloader, which allows attackers to install malicious code without authentication. The risk is exacerbated by the device's wide use in critical industrial, manufacturing, energy, and infrastructure sectors. Although Siemens has not released a fix, it urges customers to implement network segregation and monitor systems while it works on a remedy.


No incidents recorded for Siemens Digital Industries Software in 2026.
SDIS cyber incidents detection timeline including parent company and subsidiaries




Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of Siemens Digital Industries Software is https://www.sw.siemens.com/.
According to Rankiteo, Siemens Digital Industries Software’s AI-generated cybersecurity score is 796, reflecting their Fair security posture.
According to Rankiteo, Siemens Digital Industries Software currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, Siemens Digital Industries Software has been affected by a supply chain cyber incident involving Dimensional Control Systems, with the incident ID DIM4992449100425.
According to Rankiteo, Siemens Digital Industries Software is not certified under SOC 2 Type 1.
According to Rankiteo, Siemens Digital Industries Software does not hold a SOC 2 Type 2 certification.
According to Rankiteo, Siemens Digital Industries Software is not listed as GDPR compliant.
According to Rankiteo, Siemens Digital Industries Software does not currently maintain PCI DSS compliance.
According to Rankiteo, Siemens Digital Industries Software is not compliant with HIPAA regulations.
According to Rankiteo, Siemens Digital Industries Software is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Siemens Digital Industries Software operates primarily in the Software Development industry.
Siemens Digital Industries Software employs approximately 20,067 people worldwide.
Siemens Digital Industries Software presently has no subsidiaries across any sectors.
Siemens Digital Industries Software’s official LinkedIn profile has approximately 899,505 followers.
Siemens Digital Industries Software is classified under the NAICS code 5112, which corresponds to Software Publishers.
No, Siemens Digital Industries Software does not have a profile on Crunchbase.
Yes, Siemens Digital Industries Software maintains an official LinkedIn profile, which is actively used for branding and talent engagement and can be accessed here: https://www.linkedin.com/company/siemenssoftware.
As of April 02, 2026, Rankiteo reports that Siemens Digital Industries Software has experienced 2 cybersecurity incidents.
Siemens Digital Industries Software has an estimated 29,309 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware and Vulnerability.
Detection and Response: The company detects and responds to cybersecurity incidents through containment measures (network segregation and monitoring systems), an incident response plan that was likely activated (internal investigations underway), and a communication strategy of silence (no public confirmation) with potential client notifications under data breach laws.
Title: Critical Vulnerability in Siemens SINAMICS S200 Drive Systems
Description: A critical vulnerability in Siemens SINAMICS S200 drive systems, tracked as CVE-2024-56336, exposes affected devices to unauthorized manipulation of industrial processes, equipment damage, disruptions, and data theft due to an unlocked bootloader, which allows attackers to install malicious code without authentication.
Type: Vulnerability
Attack Vector: Unlocked bootloader
Vulnerability Exploited: CVE-2024-56336
Title: Ransomware Attack on Dimensional Control Systems (DCS) by J Group
Description: The ransomware group J Group claimed a major breach of Dimensional Control Systems (DCS), a Michigan-based software provider for Boeing, Samsung, Volkswagen, and Airbus. The hackers assert they exfiltrated 11GB of sensitive files, including financial records and employee information, and posted samples on the dark web as leverage for ransom demands. The breach, if confirmed, could compromise supply chain security for DCS’s high-profile clients, raising concerns about intellectual property theft and operational disruptions. DCS has not publicly confirmed the intrusion, but internal investigations are reportedly underway.
Type: ransomware
Threat Actor: J Group
Motivation: financial gain (ransom), data theft for leverage
Common Attack Types: The most common type of attack the company has faced is Ransomware.

Systems Affected: SINAMICS S200 drive systems
Operational Impact: Equipment damage, Disruptions, Data theft

Data Compromised: Financial records, Employee information, Internal documents, Proprietary designs (potential), Operational data (potential)
Operational Impact: potential disruption to precision manufacturing processes for clients (Boeing, Samsung, Volkswagen, Airbus), supply chain security risks
Brand Reputation Impact: potential damage due to association with high-profile clients (e.g., Boeing, Airbus), loss of trust in supply chain security
Legal Liabilities: potential fines under GDPR (for Volkswagen), regulatory scrutiny (e.g., FAA for Boeing), legal actions from affected clients
Identity Theft Risk: employee information exposed
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Financial Records, Employee Information, Internal Documents and Potential Proprietary Designs.

Entity Name: Siemens
Entity Type: Company
Industry: Industrial, Manufacturing, Energy, Infrastructure

Entity Name: Dimensional Control Systems (DCS)
Entity Type: software provider
Industry: dimensional engineering/manufacturing
Location: Michigan, USA
Customers Affected: Boeing, Samsung, Volkswagen, Airbus

Entity Name: Boeing
Entity Type: aerospace manufacturer
Industry: defense/aerospace
Location: USA

Entity Name: Samsung
Entity Type: electronics manufacturer
Industry: technology/consumer electronics
Location: South Korea

Entity Name: Volkswagen
Entity Type: automotive manufacturer
Industry: automotive
Location: Germany

Entity Name: Airbus
Entity Type: aerospace manufacturer
Industry: defense/aerospace
Location: France

Containment Measures: Network segregation, Monitoring systems
Network Segmentation: True

Incident Response Plan Activated: likely (internal investigations underway)
Communication Strategy: silence (no public confirmation), potential client notifications under data breach laws
Incident Response Plan: The company's incident response plan is described as likely (internal investigations underway).

Type of Data Compromised: Financial records, Employee information, Internal documents, Potential proprietary designs
Sensitivity of Data: high (includes supply chain and manufacturing data for defense/aerospace clients)
Data Exfiltration: claimed (11GB of data)
File Types Exposed: financial records, employee data, screenshots, internal documents
Personally Identifiable Information: employee information
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through network segregation and monitoring systems.

Data Exfiltration: claimed (11GB)

Regulations Violated: potential GDPR (for Volkswagen), potential FAA scrutiny (for Boeing)
Regulatory Notifications: potential notifications under data breach laws

Lessons Learned: Enhanced vendor risk management is critical for supply chain security. Zero-trust architectures may mitigate cascading risks from third-party breaches. Proactive measures (e.g., penetration testing, encrypted data silos) are essential for high-value targets in manufacturing. Supply chain attacks can ripple through global ecosystems, underscoring the need for resilience.

Recommendations: Implement network segregation, Monitor systems

Recommendations: Conduct rigorous audits of third-party security protocols. Adopt zero-trust frameworks to limit lateral movement in supply chain attacks. Implement regular penetration testing and red team exercises for vendors. Segment networks to isolate high-value systems (e.g., proprietary manufacturing data). Enhance monitoring for dark web leaks involving supply chain partners. Develop incident response plans specifically for third-party breaches.
Key Lessons Learned: The key lessons learned from past incidents are: Enhanced vendor risk management is critical for supply chain security. Zero-trust architectures may mitigate cascading risks from third-party breaches. Proactive measures (e.g., penetration testing, encrypted data silos) are essential for high-value targets in manufacturing. Supply chain attacks can ripple through global ecosystems, underscoring the need for resilience.

Source: TechRadar

Source: Cybernews

Source: TechCrunch (Samsung 2023 breach)

Source: Cyber Daily
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at TechRadar, Cybernews, TechCrunch (Samsung 2023 breach), and Cyber Daily.

Investigation Status: ongoing (internal investigations by DCS, no public confirmation)
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Silence (No Public Confirmation) and Potential Client Notifications Under Data Breach Laws.

Customer Advisories: potential forthcoming notifications to clients (Boeing, Samsung, Volkswagen, Airbus)
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: Potential Forthcoming Notifications To Clients (Boeing, Samsung, Volkswagen, Airbus).

High Value Targets: Boeing (Aerospace/Defense Data), Samsung (Electronics Manufacturing Data), Volkswagen (Automotive Data), Airbus (Aerospace Data)
Data Sold on Dark Web: Boeing (Aerospace/Defense Data), Samsung (Electronics Manufacturing Data), Volkswagen (Automotive Data), Airbus (Aerospace Data)

Root Causes: Unlocked bootloader
Last Attacking Group: The attacking group in the last incident was J Group.
Most Significant Data Compromised: The most significant data compromised in an incident were financial records, employee information, internal documents, proprietary designs (potential) and operational data (potential).
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were network segregation and monitoring systems.
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were internal documents, proprietary designs (potential), employee information, operational data (potential) and financial records.
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Supply chain attacks can ripple through global ecosystems, underscoring the need for resilience.
Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were: Conduct rigorous audits of third-party security protocols; Implement network segregation; Segment networks to isolate high-value systems (e.g., proprietary manufacturing data); Implement regular penetration testing and red team exercises for vendors; Enhance monitoring for dark web leaks involving supply chain partners; Monitor systems; Develop incident response plans specifically for third-party breaches; and Adopt zero-trust frameworks to limit lateral movement in supply chain attacks.
Most Recent Source: The most recent sources of information about an incident are Cybernews, TechRadar, Cyber Daily and TechCrunch (Samsung 2023 breach).
Current Status of Most Recent Investigation: The current status of the most recent investigation is ongoing (internal investigations by DCS, no public confirmation).
Most Recent Customer Advisory: The most recent customer advisory issued was potential forthcoming notifications to clients (Boeing, Samsung, Volkswagen and Airbus).
A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product.
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected product.
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.
