CVE-2026-25787

MITRE NVD CVE.ORG JSON API Print: PDF PDF

Summary

CVECVE-2026-25787
StatePUBLISHED
Assignersiemens
Source PriorityCVE Program / NVD first with legacy fallback
Published2026-05-12 10:16:44 UTC
Updated2026-05-12 14:19:41 UTC
DescriptionAffected devices do not properly validate and sanitize Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page. If a benign user with appropriate rights accesses the "Motion Control Diagnostics" parameters page, the malicious code would be executed in the scope of their web session.

Risk And Classification

Primary CVSS: v4.0 9.3 CRITICAL from [email protected]

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS: 0.000440000 probability, percentile 0.133910000 (date 2026-05-12)

Problem Types: CWE-79 | CWE-79 CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

VersionSourceTypeScoreSeverityVector
4.0[email protected]Secondary9.3CRITICALCVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/C...
4.0CNADECLARED9.3CRITICALCVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3.1[email protected]Primary9.1CRITICALCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
3.1CNADECLARED9.1CRITICALCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVSS v4.0 Breakdown

Attack Vector
Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
High
User Interaction
Passive
Confidentiality
High
Integrity
High
Availability
High
Sub Conf.
High
Sub Integrity
High
Sub Availability
High

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS v3.1 Breakdown

Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA Siemens SIMATIC Drive Controller CPU 1504D TF affected V3.1.6 custom Not specified
CNA Siemens SIMATIC Drive Controller CPU 1507D TF affected V3.1.6 custom Not specified
CNA Siemens SIMATIC ET 200SP CPU 1510SP F-1 PN affected * custom Not specified
CNA Siemens SIMATIC ET 200SP CPU 1510SP F-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIMATIC ET 200SP CPU 1510SP F-1 PN affected * custom Not specified
CNA Siemens SIMATIC ET 200SP CPU 1510SP-1 PN affected * custom Not specified
CNA Siemens SIMATIC ET 200SP CPU 1510SP-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIMATIC ET 200SP CPU 1510SP-1 PN affected * custom Not specified
CNA Siemens SIMATIC ET 200SP CPU 1512SP F-1 PN affected * custom Not specified
CNA Siemens SIMATIC ET 200SP CPU 1512SP F-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIMATIC ET 200SP CPU 1512SP F-1 PN affected * custom Not specified
CNA Siemens SIMATIC ET 200SP CPU 1512SP-1 PN affected * custom Not specified
CNA Siemens SIMATIC ET 200SP CPU 1512SP-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIMATIC ET 200SP CPU 1512SP-1 PN affected * custom Not specified
CNA Siemens SIMATIC ET 200SP CPU 1514SP F-2 PN affected * custom Not specified
CNA Siemens SIMATIC ET 200SP CPU 1514SP-2 PN affected * custom Not specified
CNA Siemens SIMATIC ET 200SP CPU 1514SPT F-2 PN affected * custom Not specified
CNA Siemens SIMATIC ET 200SP CPU 1514SPT-2 PN affected * custom Not specified
CNA Siemens SIMATIC ET 200SP Open Controller CPU 1515SP PC Incl. SIPLUS Variants affected * custom Not specified
CNA Siemens SIMATIC ET 200SP Open Controller CPU 1515SP PC2 Incl. SIPLUS Variants V2 CPUs affected * custom Not specified
CNA Siemens SIMATIC ET 200SP Open Controller CPU 1515SP PC2 Incl. SIPLUS Variants V3 CPUs affected * custom Not specified
CNA Siemens SIMATIC ET 200SP Open Controller CPU 1515SP PC3 V4 CPUs affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1511-1 PN affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1511-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1511-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1511-1 PN affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1511C-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1511C-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1511C-1 PN affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1511F-1 PN affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1511F-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1511F-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1511F-1 PN affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1511T-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1511T-1 PN affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1511TF-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1511TF-1 PN affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1512C-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1512C-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1512C-1 PN affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1513-1 PN affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1513-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1513-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1513-1 PN affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1513F-1 PN affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1513F-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1513F-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1513F-1 PN affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1513pro F-2 PN affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1513pro-2 PN affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1515-2 PN affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1515-2 PN affected V2.9.9 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1515-2 PN affected V2.9.9 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1515-2 PN affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1515F-2 PN affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1515F-2 PN affected V2.9.9 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1515F-2 PN affected V2.9.9 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1515F-2 PN affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1515T-2 PN affected V2.9.9 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1515T-2 PN affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1515TF-2 PN affected V2.9.9 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1515TF-2 PN affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1516-3 PN/DP affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1516-3 PN/DP affected V2.9.9 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1516-3 PN/DP affected V2.9.9 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1516-3 PN/DP affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1516F-3 PN/DP affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1516F-3 PN/DP affected V2.9.9 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1516F-3 PN/DP affected V2.9.9 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1516F-3 PN/DP affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1516pro F-2 PN affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1516pro-2 PN affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1516T-3 PN affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1516T-3 PN/DP affected V3.1.6 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1516TF-3 PN affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1516TF-3 PN/DP affected V3.1.6 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1517-3 PN affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1517-3 PN/DP affected V3.1.6 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1517F-3 PN affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1517F-3 PN/DP affected V3.1.6 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1517F-3 PN/DP affected V3.1.6 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1517T-3 PN affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1517T-3 PN/DP affected V3.1.6 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1517TF-3 PN affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1517TF-3 PN/DP affected V3.1.6 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1518-3 PN affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP affected V3.1.6 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP MFP affected V3.1.6 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP MFP affected V3.1.6 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1518F-3 PN affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP affected V3.1.6 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP affected V3.1.6 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP affected V3.1.6 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1518T-3 PN affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1518T-4 PN/DP affected V3.1.6 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1518TF-3 PN affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU 1518TF-4 PN/DP affected V3.1.6 custom Not specified
CNA Siemens SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK affected * custom Not specified
CNA Siemens SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK affected * custom Not specified
CNA Siemens SIMATIC S7-1500 ET 200pro CPU 1513PRO F-2 PN affected V2.9.9 custom Not specified
CNA Siemens SIMATIC S7-1500 ET 200pro CPU 1513PRO-2 PN affected V2.9.9 custom Not specified
CNA Siemens SIMATIC S7-1500 ET 200pro CPU 1516PRO F-2 PN affected V2.9.9 custom Not specified
CNA Siemens SIMATIC S7-1500 ET 200pro CPU 1516PRO-2 PN affected V2.9.9 custom Not specified
CNA Siemens SIMATIC S7-1500 Software Controller CPU 1507S F V2 affected * custom Not specified
CNA Siemens SIMATIC S7-1500 Software Controller CPU 1507S F V3 affected * custom Not specified
CNA Siemens SIMATIC S7-1500 Software Controller CPU 1507S F V4 affected * custom Not specified
CNA Siemens SIMATIC S7-1500 Software Controller CPU 1507S V2 affected * custom Not specified
CNA Siemens SIMATIC S7-1500 Software Controller CPU 1507S V3 affected * custom Not specified
CNA Siemens SIMATIC S7-1500 Software Controller CPU 1507S V4 affected * custom Not specified
CNA Siemens SIMATIC S7-1500 Software Controller CPU 1508S F V2 affected * custom Not specified
CNA Siemens SIMATIC S7-1500 Software Controller CPU 1508S F V3 affected * custom Not specified
CNA Siemens SIMATIC S7-1500 Software Controller CPU 1508S F V4 affected * custom Not specified
CNA Siemens SIMATIC S7-1500 Software Controller CPU 1508S T V3 affected * custom Not specified
CNA Siemens SIMATIC S7-1500 Software Controller CPU 1508S TF V3 affected * custom Not specified
CNA Siemens SIMATIC S7-1500 Software Controller CPU 1508S V2 affected * custom Not specified
CNA Siemens SIMATIC S7-1500 Software Controller CPU 1508S V3 affected * custom Not specified
CNA Siemens SIMATIC S7-1500 Software Controller CPU 1508S V4 affected * custom Not specified
CNA Siemens SIMATIC S7-1500 Software Controller Linux V2 affected * custom Not specified
CNA Siemens SIMATIC S7-1500 Software Controller Linux V3 affected * custom Not specified
CNA Siemens SIMATIC S7-PLCSIM Advanced affected * custom Not specified
CNA Siemens SIPLUS ET 200SP CPU 1510SP F-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL affected V2.9.9 custom Not specified
CNA Siemens SIPLUS ET 200SP CPU 1510SP-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIPLUS ET 200SP CPU 1510SP-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIPLUS ET 200SP CPU 1510SP-1 PN RAIL affected V2.9.9 custom Not specified
CNA Siemens SIPLUS ET 200SP CPU 1510SP-1 PN RAIL affected V2.9.9 custom Not specified
CNA Siemens SIPLUS ET 200SP CPU 1512SP F-1 PN affected * custom Not specified
CNA Siemens SIPLUS ET 200SP CPU 1512SP F-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIPLUS ET 200SP CPU 1512SP F-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL affected V2.9.9 custom Not specified
CNA Siemens SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL affected V2.9.9 custom Not specified
CNA Siemens SIPLUS ET 200SP CPU 1512SP-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIPLUS ET 200SP CPU 1512SP-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIPLUS ET 200SP CPU 1512SP-1 PN RAIL affected V2.9.9 custom Not specified
CNA Siemens SIPLUS ET 200SP CPU 1512SP-1 PN RAIL affected V2.9.9 custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1511-1 PN affected * custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1511-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1511-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1511-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1511-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL affected V2.9.9 custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL affected V2.9.9 custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1511-1 PN TX RAIL affected V2.9.9 custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1511-1 PN TX RAIL affected V2.9.9 custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1511F-1 PN affected * custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1511F-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1511F-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1513-1 PN affected * custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1513-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1513-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1513-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1513-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1513F-1 PN affected * custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1513F-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1513F-1 PN affected V2.9.9 custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1515F-2 PN affected V2.9.9 custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1515F-2 PN affected V2.9.9 custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1515F-2 PN RAIL affected V2.9.9 custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL affected V2.9.9 custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1516-3 PN/DP affected * custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1516-3 PN/DP affected * custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1516-3 PN/DP affected V2.9.9 custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1516-3 PN/DP affected V2.9.9 custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1516-3 PN/DP affected V2.9.9 custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1516-3 PN/DP affected V2.9.9 custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL affected V2.9.9 custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL affected V2.9.9 custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1516F-3 PN/DP affected * custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1516F-3 PN/DP affected V2.9.9 custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1516F-3 PN/DP affected V2.9.9 custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL affected V2.9.9 custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL affected V2.9.9 custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1518-4 PN/DP affected V3.1.6 custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1518-4 PN/DP MFP affected V3.1.6 custom Not specified
CNA Siemens SIPLUS S7-1500 CPU 1518F-4 PN/DP affected V3.1.6 custom Not specified

References

ReferenceSourceLinkTags
cert-portal.siemens.com/productcert/html/ssa-688146.html [email protected] cert-portal.siemens.com
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report