Skip to main content
Cybersecurity

Siemens SIRIUS: Advanced 3SK2 Safety Relays and 3RK3 Modular Safety Systems

Siemens SIRIUS: Advanced 3SK2 Safety Relays and 3RK3 Modular Safety Systems

Siemens SIRIUS Vulnerabilities: Balancing Innovation and Industrial Security

On the dawn of a new era in industrial automation, Siemens’ SIRIUS product line finds itself at the nexus of cutting-edge safety technology and emerging cybersecurity risks. Recent disclosures have raised concerns over vulnerabilities in Siemens’ 3RK3 Modular Safety System and 3SK2 Safety Relays, casting a spotlight on the critical balance between operational functionality and robust security measures in an increasingly connected industrial landscape.

As cybersecurity advisories for industrial control systems (ICS) evolve, this report examines the technical, operational, and strategic dimensions of the vulnerabilities detailed in Siemens’ ProductCERT Security Advisories. With a CVSS v4-score reaching up to 8.7 in some instances, the risks are far from academic. They directly impact sectors such as critical manufacturing worldwide, where safety and reliability are non-negotiable.

In January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) declared that updates to ICS security advisories for Siemens product vulnerabilities would cease beyond the initial advisory. For stakeholders in critical infrastructure and industrial networks, this abrupt shift in communication heightens the imperative to remain informed, assess risks rigorously, and adapt security measures accordingly.

Historically, industrial control systems have been viewed through a lens of safety over security. From their inception, safety relays and modular safety systems have provided layers of physical and operational safeguards, often without integrating advanced digital security protocols. However, as industrial networks become tightly integrated with digital enterprise systems, vulnerabilities such as the “Use of a Broken or Risky Cryptographic Algorithm” (CWE-327), “Missing Encryption of Sensitive Data” (CWE-311), and “Incorrect Permission Assignment for Critical Resource” (CWE-732) have emerged as real and pressing concerns.

Siemens, headquartered in Germany and a global leader in industrial solutions, has identified these vulnerabilities across all versions of the SIRIUS 3RK3 Modular Safety System and Safety Relays 3SK2. The issues center on relatively weak password obfuscation, unencrypted data in transit, and insufficient access controls. In practical terms, these weaknesses offer potential pathways for attackers who can intercept critical safety passwords and other sensitive information, thus undercutting the very safety mechanisms designed to prevent operational mishaps.

The technical details have been outlined by the Siemens ProductCERT and corroborated by researchers from Fraunhofer AISEC, including Nikolai Puch, Johanna Latzel, and Ferdinand Jarisch. Each vulnerability, identified and documented under respective CVE numbers (CVE-2025-24007, CVE-2025-24008, and CVE-2025-24009), is illustrative of the evolving threat landscape in industrial cybersecurity. Notably, the vulnerabilities have been rated—with CVE-2025-24007 and CVE-2025-24008 both drawing a CVSS v4 base score of 8.7, and CVE-2025-24009 registering at 8.2—underscoring the urgency for improved security protocols in industrial applications.

At the heart of these advisories is a stark reminder of the inherent vulnerabilities that accompany digital transformation in critical infrastructure. Siemens’ SIRIUS solutions, deployed globally across the critical manufacturing sector, are engineered to meet stringent safety standards. Yet, as the interface between physical operations and network connectivity blurs, the reliance on legacy cryptographic practices and inadequate access controls exposes these systems to new modes of exploitation.

Why does this matter? For industries that underpin the global economy, any breach in safety-critical systems can have cascading effects, potentially leading to operational shutdowns, compromised production lines, or even safety incidents with far-reaching consequences. In an environment where remote exploitation is feasible with low complexity, malicious actors could, in theory, leverage network vulnerabilities to gain unauthorized access, eavesdrop on critical communications, or retrieve safety-critical passwords—thereby eroding trust in the operational integrity of industrial systems.

Industry experts stress the importance of immediate mitigative action. Siemens has, in its advisories, recommended specific countermeasures:

  • Physical Security Measures: Limit physical access to the affected devices, ensuring that only trusted personnel interact with safety-critical components.
  • Network Isolation: Enforce strict network segmentation, particularly isolating the PROFINET interface, to prevent unauthorized access from other parts of the network.

Further, Siemens advises customers to secure network access via appropriate protective mechanisms and to operate these systems within a provisioned secure IT environment. By adhering to operational guidelines for industrial security—an approach detailed on Siemens’ industrial security webpage—organizations can better insulate themselves against potential exploitation.

While Siemens has signaled that fixes for these vulnerabilities in the impacted devices are not immediately available, the company’s proactive publication of and recommendations around these risks reflect an adherence to transparency central to modern cybersecurity practices. It is a reminder that, in a digital age, safety and security can no longer be treated as separate disciplines but must be integrated to protect both operational integrity and human lives.

Reflecting on the implications, it becomes clear that addressing these vulnerabilities is not solely an engineering problem—it is a strategic imperative. Within industrial operations, cybersecurity measures must evolve in tandem with technological advancements. Organizations are encouraged to conduct comprehensive impact analyses and risk assessments prior to deploying new measures, ensuring that security practices scale effectively with their operational environments.

Moreover, the broader ramifications extend into policy-making and regulatory oversight. As cyber threats target ever more critical infrastructure components, national and regional authorities, alongside industry regulators, are pressed to update standards and frameworks that ensure the resilience of industrial operations. The advisories issued by agencies such as CISA underscore the need for a consolidated industrial cybersecurity strategy—a strategy that can align the priorities of technologists, policymakers, and operators alike.

Experts have long warned that the pace of cyber threats is accelerating. As one analyst at the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) succinctly noted in past briefings, “Security vulnerabilities in safety-critical systems are not just technical glitches—they can be the weak link in the chain that holds back an entire industry.” Such voices, echoing the sentiment of industry leaders, serve to underline the risks that these vulnerabilities present, advocating for heightened vigilance without succumbing to undue alarmism.

Peering into the future, the way forward involves not only scheduled hardware and software updates but also the rigorous adoption of comprehensive security frameworks. Organizations must remain attuned to evolving advisories from trusted sources like Siemens ProductCERT and CISA. Public-private collaboration will be paramount in forging resilient infrastructures; after all, industrial cybersecurity is a collective responsibility, shared by manufacturers, operators, and regulators alike.

The story of Siemens SIRIUS vulnerabilities is, in many ways, a microcosm of the broader challenges set before modern industrial systems: a constant, evolving interplay between operational demands and ensuring robust security posture. As industries navigate this new terrain, the guidance offered by experts, the transparency of advisories, and the collective push towards hardened security protocols serve as the cornerstone of trust and resilience in a digital era.

In the final analysis, the integrity of our industrial backbone hinges on vigilance, adaptability, and an ongoing dialogue between technology innovators and cybersecurity professionals. As organizations across the globe face a future defined by rapid digital change, the lessons emerging from Siemens’ latest advisory offer a sober reminder: In a world where connectivity unleashes unprecedented productivity, the costs of neglecting cybersecurity could be profound.