CVE-2026-25786
Published 2026-05-12
Critical · 9.3 · CVSS 4.0
AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected devices do not properly validate and sanitize the PLC/station name rendered on the "communication" parameters page of the web interface.
This could allow an authenticated attacker who is authorized to download a TIA project into the product to inject malicious scripts into the page.
If a benign user with appropriate rights accesses the "communication" parameters page, the malicious code would be executed in the scope of their web session.
Affected
127 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | simatic_drive_controller_cpu_1504d_tf | < V3.1.6 | V3.1.6 |
| siemens | simatic_drive_controller_cpu_1507d_tf | < V3.1.6 | V3.1.6 |
| siemens | simatic_et_200sp_cpu_1510sp-1_pn | < * | * |
| siemens | simatic_et_200sp_cpu_1510sp-1_pn | < V2.9.9 | V2.9.9 |
| siemens | simatic_et_200sp_cpu_1510sp_f-1_pn | < * | * |
| siemens | simatic_et_200sp_cpu_1510sp_f-1_pn | < V2.9.9 | V2.9.9 |
| siemens | simatic_et_200sp_cpu_1512sp-1_pn | < * | * |
| siemens | simatic_et_200sp_cpu_1512sp-1_pn | < V2.9.9 | V2.9.9 |
| siemens | simatic_et_200sp_cpu_1512sp_f-1_pn | < * | * |
| siemens | simatic_et_200sp_cpu_1512sp_f-1_pn | < V2.9.9 | V2.9.9 |
| siemens | simatic_et_200sp_cpu_1514sp-2_pn | < * | * |
| siemens | simatic_et_200sp_cpu_1514sp_f-2_pn | < * | * |
| siemens | simatic_et_200sp_cpu_1514spt-2_pn | < * | * |
| siemens | simatic_et_200sp_cpu_1514spt_f-2_pn | < * | * |
| siemens | simatic_et_200sp_open_controller_cpu_1515sp_pc | < * | * |
| siemens | simatic_et_200sp_open_controller_cpu_1515sp_pc2_v2_cpus | < * | * |
| siemens | simatic_et_200sp_open_controller_cpu_1515sp_pc2_v3_cpus | < * | * |
| siemens | simatic_et_200sp_open_controller_cpu_1515sp_pc3_v4_cpus | < * | * |
| siemens | simatic_s7-1500_cpu_1511-1_pn | < * | * |
| siemens | simatic_s7-1500_cpu_1511-1_pn | < V2.9.9 | V2.9.9 |
| siemens | simatic_s7-1500_cpu_1511c-1_pn | < V2.9.9 | V2.9.9 |
| siemens | simatic_s7-1500_cpu_1511c-1_pn | < * | * |
| siemens | simatic_s7-1500_cpu_1511f-1_pn | < * | * |
| siemens | simatic_s7-1500_cpu_1511f-1_pn | < V2.9.9 | V2.9.9 |
| siemens | simatic_s7-1500_cpu_1511t-1_pn | < V2.9.9 | V2.9.9 |