HarborGuard / CVE
Back to search
HIGHCVE-2026-25789Published Modified CNA siemens

CVE-2026-25789: Affected devices do not properly validate and sanitize filenames on the Firmware Update page

Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user into selecting the modified firmware file to be uploaded. This would result in malitcious JavaScript execution in the context of the authenticated user's session without requiring the file to be uploaded, potentially leading to session hijacking or credential theft.

Metrics

CVSS v4.0
7.2
Severity
HIGH
Fixed in
*
Affected Products
175

Fix available

*V2.9.9V3.1.6
Affected packages
  • Siemens / SIMATIC Drive Controller CPU 1504D TF
    < V3.1.6 (from 0)
  • Siemens / SIMATIC Drive Controller CPU 1507D TF
    < V3.1.6 (from 0)
  • Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN
    < * (from 0)
  • Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN
    < V2.9.9 (from 0)
  • Siemens / SIMATIC ET 200SP CPU 1510SP F-1 PN
    < * (from 0)
  • Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN
    < * (from 0)
  • Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN
    < V2.9.9 (from 0)
  • Siemens / SIMATIC ET 200SP CPU 1510SP-1 PN
    < * (from 0)
  • Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN
    < * (from 0)
  • Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN
    < V2.9.9 (from 0)
  • Siemens / SIMATIC ET 200SP CPU 1512SP F-1 PN
    < * (from 0)
  • Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN
    < * (from 0)
  • Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN
    < V2.9.9 (from 0)
  • Siemens / SIMATIC ET 200SP CPU 1512SP-1 PN
    < * (from 0)
  • Siemens / SIMATIC ET 200SP CPU 1514SP F-2 PN
    < * (from 0)
  • Siemens / SIMATIC ET 200SP CPU 1514SP-2 PN
    < * (from 0)
  • Siemens / SIMATIC ET 200SP CPU 1514SPT F-2 PN
    < * (from 0)
  • Siemens / SIMATIC ET 200SP CPU 1514SPT-2 PN
    < * (from 0)
  • Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)
    < * (from 0)
  • Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs
    < * (from 0)
  • Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs
    < * (from 0)
  • Siemens / SIMATIC ET 200SP Open Controller CPU 1515SP PC3 V4 CPUs
    < * (from 0)
  • Siemens / SIMATIC S7-1500 CPU 1511-1 PN
    < * (from 0)
  • Siemens / SIMATIC S7-1500 CPU 1511-1 PN
    < V2.9.9 (from 0)
  • Siemens / SIMATIC S7-1500 CPU 1511-1 PN
    < V2.9.9 (from 0)
  • Siemens / SIMATIC S7-1500 CPU 1511-1 PN
    < * (from 0)
  • Siemens / SIMATIC S7-1500 CPU 1511C-1 PN
    < V2.9.9 (from 0)
  • Siemens / SIMATIC S7-1500 CPU 1511C-1 PN
    < V2.9.9 (from 0)
  • Siemens / SIMATIC S7-1500 CPU 1511C-1 PN
    < * (from 0)
  • Siemens / SIMATIC S7-1500 CPU 1511F-1 PN
    < * (from 0)
CVSS Vector
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H
References