Cross-Site Scripting Vulnerability in Siemens Motion Control Diagnostics
CVE-2026-25787
9.3 CRITICAL
Key Information:
- Vendor: Siemens
- Status
- Vendor
- CVE Published: 12 May 2026
What is CVE-2026-25787?
This vulnerability arises due to inadequate validation and sanitization of Technology Object (TO) names on the 'Motion Control Diagnostics' page of the Siemens web interface. An authenticated user with the rights to download a TIA project may exploit this flaw to inject malicious scripts. If exploited, any user with appropriate permissions viewing the parameters page could unintentionally execute this code within their web session, potentially leading to unauthorized actions or data exposure.
Affected Version(s)
SIMATIC Drive Controller CPU 1504D TF 0
SIMATIC Drive Controller CPU 1507D TF 0
SIMATIC ET 200SP CPU 1510SP F-1 PN 0