SQL Injection Vulnerability in Blueplanet Products by Siemens
CVE-2026-41125

5.9MEDIUM

Key Information:

Vendor: Siemens
Status: Blueplanet 100 Nx3 M8; Blueplanet 100 Tl3 Gen2; Blueplanet 105 Tl3; Blueplanet 105 Tl3 Gen2
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-41125?

A vulnerability in Siemens' Blueplanet products allows an authorized attacker to exploit improper neutralization of special elements used in SQL commands. This SQL injection flaw, affecting multiple models across the Blueplanet range, can lead to unauthorized privilege escalation within a local network, potentially compromising the integrity and confidentiality of the system.

Affected Version(s)

blueplanet 100 NX3 M8 0

blueplanet 100 TL3 GEN2 0

blueplanet 105 TL3 0

References

https://cert-portal.siemens.com/productcert/html/ssa-5456...

CVSS V4

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Apr 17, 2026

CVE-2026-41125 Data

JSON