Siemens ProductCERT issued an urgent security advisory regarding multiple Cross-Site Scripting (XSS) vulnerabilities found within the web servers of its powerhouse SIMATIC S7 PLC lineup. With CVSS v4.0 base scores reaching as high as 9.3, these flaws represent a significant risk to industrial automation environments across the globe.
The advisory, SSA-688146, details how attackers could exploit improperly sanitized inputs to inject malicious code into the PLC’s web interface.
- CVE-2026-25786 (CVSS 9.3): This flaw involves the failure to validate station names on the “communication” parameters page. According to the advisory, this “could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page”.
- CVE-2026-25787 (CVSS 9.3): A similar issue exists on the “Motion Control Diagnostics” page, where Technology Object (TO) names are not properly sanitized.
- CVE-2026-25789 (CVSS 7.2): This vulnerability targets the “Firmware Update” page. Attackers could use social engineering to trick a user into selecting a modified file, resulting in “malicious JavaScript execution in the context of the authenticated user’s session without requiring the file to be uploaded”.
The danger of these XSS attacks lies in their ability to execute within the scope of a legitimate user’s session. If a “benign user with appropriate rights” accesses the compromised pages, the malicious code springs into action, potentially leading to session hijacking, credential theft, or unauthorized control.
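The unsanitized-name pattern behind the station name and Technology Object name flaws, shown next to its hardened form, as an added example that is not from the advisory or from Siemens code. The function names, the sample names and the allowlist are assumptions made for illustration.

```javascript
// Added example: names and markup below are constructed, not taken from Siemens firmware.

// Encode the five HTML-significant characters so a name is always rendered as text.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the project-supplied name is concatenated into markup as-is.
function renderRowUnsafe(label, name) {
  return `<tr><td>${label}</td><td title="${name}">${name}</td></tr>`;
}

// Hardened pattern: same row, with the name encoded for both text and attribute context.
function renderRowSafe(label, name) {
  const safe = escapeHtml(name);
  return `<tr><td>${escapeHtml(label)}</td><td title="${safe}">${safe}</td></tr>`;
}

// Review aid: flag names that carry markup characters before a project is downloaded.
// The allowlist (letters, digits, space, _ . -) is an assumption for this example.
function auditNames(entries) {
  const allowed = /^[A-Za-z0-9 _.\-]{1,64}$/;
  return entries
    .filter((e) => !allowed.test(e.name))
    .map((e) => `${e.kind}: ${JSON.stringify(e.name)}`);
}

// Constructed sample entries: one ordinary name, two containing markup characters.
const sampleEntries = [
  { kind: 'station', name: 'PLC_Line1' },
  { kind: 'station', name: 'PLC_1<b>bold</b>' },
  { kind: 'technology-object', name: 'Axis_1" data-x="1' },
];

for (const e of sampleEntries) {
  console.log(renderRowSafe(e.kind, e.name));
}
console.log(auditNames(sampleEntries));
```
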
The list of affected hardware is extensive, spanning critical infrastructure across manufacturing, food and beverage, and chemical industries.
| Affected Product Family | Status | Remediation |
| --- | --- | --- |
| SIMATIC Drive Controller (CPU 1504D/1507D TF) | Action Needed | Update to V3.1.6 or later immediately. |
| SIMATIC ET 200SP Open Controller (PC2/PC3) | At Risk | No fix currently available; follow mitigations. |
| SIMATIC S7-PLCSIM Advanced | At Risk | No fix currently available; follow mitigations. |
Siemens is currently “preparing further fix versions” but recommends immediate defensive posture changes where updates are not yet live.
- Restrict Project Access: Only trusted personnel should be authorized to perform TIA project downloads.
- Guard Firmware Updates: Limit access to firmware update rights to instructed personnel only.
- Network Protection: As a general measure, Siemens “strongly recommends to protect network access to devices with appropriate mechanisms”.