CRITICAL | CVE-2026-25787 | CNA: siemens

CVE-2026-25787: Affected devices do not properly validate and sanitize the Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interface

Affected devices do not properly validate and sanitize the Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product to inject malicious scripts into the page. If a benign user with appropriate rights accesses the "Motion Control Diagnostics" parameters page, the malicious code would be executed in the scope of their web session.

Metrics
  • CVSS v4.0: 9.3
  • Severity: CRITICAL
  • Fixed in: *
  • Affected Products: 175

Fix available: *, V2.9.9, V3.1.6

Affected packages
  • Siemens / SIMATIC Drive Controller CPU 1504D TF
    < V3.1.6 (from 0)
  • Siemens / SIMATIC Drive Controller CPU 1507D TF
    < V3.1.6 (from 0)
  • Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN
    < * (from 0)
  • Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN
    < V2.9.9 (from 0)
  • Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN
    < * (from 0)
  • Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN
    < * (from 0)
  • Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN
    < V2.9.9 (from 0)
  • Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN
    < * (from 0)
  • Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN
    < * (from 0)
  • Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN
    < V2.9.9 (from 0)
  • Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN
    < * (from 0)
  • Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN
    < * (from 0)
  • Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN
    < V2.9.9 (from 0)
  • Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN
    < * (from 0)
  • Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN
    < * (from 0)
  • Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN
    < * (from 0)
  • Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN
    < * (from 0)
  • Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN
    < * (from 0)
  • Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)
    < * (from 0)
  • Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs
    < * (from 0)
  • Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs
    < * (from 0)
  • Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 V4 CPUs
    < * (from 0)
  • Siemens / SIMATIC S7-1500 CPU 1511-1 PN
    < * (from 0)
  • Siemens / SIMATIC S7-1500 CPU 1511-1 PN
    < V2.9.9 (from 0)
  • Siemens / SIMATIC S7-1500 CPU 1511-1 PN
    < V2.9.9 (from 0)
  • Siemens / SIMATIC S7-1500 CPU 1511-1 PN
    < * (from 0)
  • Siemens / SIMATIC S7-1500 CPU 1511C-1 PN
    < V2.9.9 (from 0)
  • Siemens / SIMATIC S7-1500 CPU 1511C-1 PN
    < V2.9.9 (from 0)
  • Siemens / SIMATIC S7-1500 CPU 1511C-1 PN
    < * (from 0)
  • Siemens / SIMATIC S7-1500 CPU 1511F-1 PN
    < * (from 0)
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H