Unauthorized Access Vulnerability in Web Browsers of Siemens Devices
CVE-2026-27662

7HIGH

Key Information:

Vendor: Siemens
Status: Simatic Hmi Mtp1000 Unified Comfort Panel; Simatic Hmi Mtp1000 Unified Comfort Panel Hygienic; Simatic Hmi Mtp1000 Unified Comfort Panel Hygienic Neutral Design; Simatic Hmi Mtp1000, Unified Comfort Panel Neutral
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-27662?

This vulnerability allows unauthorized access to the web browser of affected Siemens devices through the Control Panel. Without the implementation of appropriate security measures, an attacker with no authentication can exploit this weakness, potentially leading to the identification of backdoors or executing unauthorized commands. The lack of access restrictions may also expose misconfigured settings, further increasing the risks of system compromise and data breaches.

Affected Version(s)

SIMATIC HMI MTP1000 Unified Comfort Panel 0

SIMATIC HMI MTP1000 Unified Comfort Panel hygienic 0

SIMATIC HMI MTP1000 Unified Comfort Panel hygienic neutral design 0

References

https://cert-portal.siemens.com/productcert/html/ssa-3872...

CVSS V4

Score:

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Feb 23, 2026

CVE-2026-27662 Data

JSON