Siemens SIMATIC S7 Vulnerability Exposes XSS Flaws

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in Siemens SIMATIC S7 Web Servers. The affected products include the SIMATIC Drive Controller (CPU 1504D/1507D TF) and the SIMATIC ET 200SP Open Controller (PC2/PC3) within version unspecified. The vulnerabilities are categorized as Cross-Site Scripting (XSS) flaws, which pose a significant risk to industrial automation environments globally. These critical vulnerabilities can lead to business disruptions, financial losses, and compromised sensitive information, ultimately impacting an organization's reputation and customer trust.[emaillocker id="1283"]

• CVE-2026-25786 with a CVSS score of 9.3 – This flaw involves the failure to validate station names on the "communication" parameters page, allowing an authenticated attacker to inject malicious scripts into the page.
• CVE-2026-25787 with a CVSS score of 9.3 – A similar issue exists on the "Motion Control Diagnostics" page, where Technology Object (TO) names are not properly sanitized, making it possible for an attacker to inject malicious code.
• CVE-2026-25789 with a CVSS score of 7.2 – This vulnerability targets the "Firmware Update" page, where attackers can use social engineering to trick a user into selecting a modified file, resulting in malicious JavaScript execution in the context of the authenticated user's session.

These vulnerabilities pose a significant threat to industrial automation environments and could have severe business consequences if exploited. If left unaddressed, these flaws could lead to compromised systems, stolen sensitive information, and damage to an organization's reputation and customer trust.

RECOMMENDATION:

• We recommend you update Siemens SIMATIC S7 to the latest available version, which is currently version 20.2 (SP3) or later.

REFERENCES:

The following reports contain further technical details:
https://securityonline.info/siemens-simatic-s7-plc-xss-vulnerability-ssa-688146/