Aggregator
Maintainer access changes at popular Go library fsnotify raise supply-chain attack alarm
1 month 2 weeks ago
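From the outside, the early stages of a supply-chain compromise look almost identical to a maintainer dispute. Both can involve unexpected releases, permission changes, and conflicting public statements.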
Checkmarx attacked again; Jenkins AST plugin compromised
1 month 2 weeks ago
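That Checkmarx's second security incident came so quickly indicates the group is actively watching for entry points to get back in, testing the depth of the earlier remediation, and exploiting any weakness.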
CVE-2026-41125 | Siemens blueplanet hybrid 6.0 NH3-12.0 NH3 sql injection (ssa-545643)
1 month 2 weeks ago
A vulnerability was found in Siemens blueplanet 100 NX3 M8, blueplanet 100 TL3 GEN2, blueplanet 105 TL3, blueplanet 105 TL3 GEN2, blueplanet 110 TL3, blueplanet 125 NX3 M11, blueplanet 125 TL3, blueplanet 125 TL3 GEN2, blueplanet 137 TL3, blueplanet 150 TL3, blueplanet 150 TL3 GEN2, blueplanet 155 TL3, blueplanet 155 TL3 GEN2, blueplanet 165 TL3, blueplanet 165 TL3 GEN2, blueplanet 25.0 NX3-33.0 NX3, blueplanet 3.0 NX3-20.0 NX3, blueplanet 3.0-5.0 NX1, blueplanet 360 NX3 M6, blueplanet 50.0 NX3-60.0 NX3, blueplanet 87.0 TL3, blueplanet 87.0 TL3 GEN2, blueplanet 92.0 TL3, blueplanet 92.0 TL3 GEN2, blueplanet gridsafe 110 TL3-S, blueplanet gridsafe 137 TL3-S, blueplanet gridsafe 92.0 TL3-S, blueplanet hybrid 10.0 TL3 and blueplanet hybrid 6.0 NH3-12.0 NH3 and classified as critical. The impacted element is an unknown function. Such manipulation leads to sql injection.
This vulnerability is documented as CVE-2026-41125. The attack can be executed remotely. No exploit is available.
vuldb.com
CVE-2026-8161 | multiparty service up to 4.2.3/4.2.x Multipart Upload push uncaught exception
1 month 2 weeks ago
A vulnerability has been found in multiparty service up to 4.2.3/4.2.x and classified as problematic. The affected element is the function push of the component Multipart Upload Handler. This manipulation causes uncaught exception.
This vulnerability is registered as CVE-2026-8161. Remote exploitation of the attack is possible. No exploit is available.
The affected component should be upgraded.
vuldb.com
CVE-2026-44412 | Siemens Solid Edge SE2026 up to 226.0 Update 4 PAR File stack-based overflow (ssa-921111)
1 month 2 weeks ago
A vulnerability, which was classified as critical, was found in Siemens Solid Edge SE2026 up to 226.0 Update 4. Impacted is an unknown function of the component PAR File Handler. The manipulation results in stack-based buffer overflow.
This vulnerability is cataloged as CVE-2026-44412. The attack may be launched remotely. There is no exploit available.
You should upgrade the affected component.
vuldb.com
CVE-2026-44411 | Siemens Solid Edge SE2026 up to 226.0 Update 4 PAR File uninitialized pointer (ssa-921111)
1 month 2 weeks ago
A vulnerability, which was classified as very critical, has been found in Siemens Solid Edge SE2026 up to 226.0 Update 4. This issue affects some unknown processing of the component PAR File Handler. The manipulation leads to uninitialized pointer.
This vulnerability is listed as CVE-2026-44411. The attack may be initiated remotely. There is no available exploit.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-33862 | Siemens Teamcenter cross site scripting (ssa-827383)
1 month 2 weeks ago
A vulnerability classified as problematic was found in Siemens Teamcenter. This vulnerability affects unknown code. Executing a manipulation can lead to cross site scripting.
This vulnerability is tracked as CVE-2026-33862. The attack can be launched remotely. No exploit exists.
Upgrading the affected component is advised.
vuldb.com
CVE-2026-25787 | Siemens SIMATIC S7-150 up to 3.1.5 Web Interface cross site scripting (ssa-688146 / WID-SEC-2026-1474)
1 month 2 weeks ago
A vulnerability classified as problematic has been found in Siemens SIMATIC Drive Controller CPU 1504D TF, SIMATIC Drive Controller CPU 1507D TF, SIMATIC ET 200SP CPU 1510SP F-1 PN, SIMATIC ET 200SP CPU 1510SP-1 PN, SIMATIC ET 200SP CPU 1512SP F-1 PN, SIMATIC ET 200SP CPU 1512SP-1 PN, SIMATIC ET 200SP CPU 1514SP F-2 PN, SIMATIC ET 200SP CPU 1514SP-2 PN, SIMATIC ET 200SP CPU 1514SPT F-2 PN, SIMATIC ET 200SP CPU 1514SPT-2 PN, SIMATIC ET 200SP Open Controller CPU 1515SP PC, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 V2 CPUs, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 V3 CPUs, SIMATIC ET 200SP Open Controller CPU 1515SP PC3 V4 CPUs, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511T-1 PN, SIMATIC S7-1500 CPU 1511TF-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513pro F-2 PN, SIMATIC S7-1500 CPU 1513pro-2 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515T-2 PN, SIMATIC S7-1500 CPU 1515TF-2 PN, SIMATIC S7-1500 CPU 1516-3 PN, DP, SIMATIC S7-1500 CPU 1516F-3 PN, SIMATIC S7-1500 CPU 1516pro F-2 PN, SIMATIC S7-1500 CPU 1516pro-2 PN, SIMATIC S7-1500 CPU 1516T-3 PN, SIMATIC S7-1500 CPU 1516TF-3 PN, SIMATIC S7-1500 CPU 1517-3 PN, SIMATIC S7-1500 CPU 1517F-3 PN, SIMATIC S7-1500 CPU 1517T-3 PN, SIMATIC S7-1500 CPU 1517TF-3 PN, SIMATIC S7-1500 CPU 1518-3 PN, SIMATIC S7-1500 CPU 1518-4 PN, DP MFP, SIMATIC S7-1500 CPU 1518F-3 PN, SIMATIC S7-1500 CPU 1518F-4 PN, SIMATIC S7-1500 CPU 1518T-3 PN, SIMATIC S7-1500 CPU 1518T-4 PN, SIMATIC S7-1500 CPU 1518TF-3 PN, SIMATIC S7-1500 CPU 1518TF-4 PN, SIMATIC S7-1500 CPU S7-1518-4 PN, DP ODK, SIMATIC S7-1500 CPU S7-1518F-4 PN, SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN, SIMATIC S7-1500 Software Controller CPU 
1507S F V2, SIMATIC S7-1500 Software Controller CPU 1507S F V3, SIMATIC S7-1500 Software Controller CPU 1507S F V4, SIMATIC S7-1500 Software Controller CPU 1507S V2, SIMATIC S7-1500 Software Controller CPU 1507S V3, SIMATIC S7-1500 Software Controller CPU 1507S V4, SIMATIC S7-1500 Software Controller CPU 1508S F V2, SIMATIC S7-1500 Software Controller CPU 1508S F V3, SIMATIC S7-1500 Software Controller CPU 1508S F V4, SIMATIC S7-1500 Software Controller CPU 1508S T V3, SIMATIC S7-1500 Software Controller CPU 1508S TF V3, SIMATIC S7-1500 Software Controller CPU 1508S V2, SIMATIC S7-1500 Software Controller CPU 1508S V3 and SIMATIC S7-150 up to 3.1.5. This affects an unknown part of the component Web Interface. Performing a manipulation results in cross site scripting.
This vulnerability is identified as CVE-2026-25787. The attack can be initiated remotely. No exploit is available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-25786 | Siemens SIMATIC S7-150 up to 3.1.5 Web Interface communication cross site scripting (ssa-688146 / WID-SEC-2026-1474)
1 month 2 weeks ago
A vulnerability described as problematic has been identified in Siemens SIMATIC Drive Controller CPU 1504D TF, SIMATIC Drive Controller CPU 1507D TF, SIMATIC ET 200SP CPU 1510SP F-1 PN, SIMATIC ET 200SP CPU 1510SP-1 PN, SIMATIC ET 200SP CPU 1512SP F-1 PN, SIMATIC ET 200SP CPU 1512SP-1 PN, SIMATIC ET 200SP CPU 1514SP F-2 PN, SIMATIC ET 200SP CPU 1514SP-2 PN, SIMATIC ET 200SP CPU 1514SPT F-2 PN, SIMATIC ET 200SP CPU 1514SPT-2 PN, SIMATIC ET 200SP Open Controller CPU 1515SP PC, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 V2 CPUs, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 V3 CPUs, SIMATIC ET 200SP Open Controller CPU 1515SP PC3 V4 CPUs, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511T-1 PN, SIMATIC S7-1500 CPU 1511TF-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513pro F-2 PN, SIMATIC S7-1500 CPU 1513pro-2 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515T-2 PN, SIMATIC S7-1500 CPU 1515TF-2 PN, SIMATIC S7-1500 CPU 1516-3 PN, DP, SIMATIC S7-1500 CPU 1516F-3 PN, SIMATIC S7-1500 CPU 1516pro F-2 PN, SIMATIC S7-1500 CPU 1516pro-2 PN, SIMATIC S7-1500 CPU 1516T-3 PN, SIMATIC S7-1500 CPU 1516TF-3 PN, SIMATIC S7-1500 CPU 1517-3 PN, SIMATIC S7-1500 CPU 1517F-3 PN, SIMATIC S7-1500 CPU 1517T-3 PN, SIMATIC S7-1500 CPU 1517TF-3 PN, SIMATIC S7-1500 CPU 1518-3 PN, SIMATIC S7-1500 CPU 1518-4 PN, DP MFP, SIMATIC S7-1500 CPU 1518F-3 PN, SIMATIC S7-1500 CPU 1518F-4 PN, SIMATIC S7-1500 CPU 1518T-3 PN, SIMATIC S7-1500 CPU 1518T-4 PN, SIMATIC S7-1500 CPU 1518TF-3 PN, SIMATIC S7-1500 CPU 1518TF-4 PN, SIMATIC S7-1500 CPU S7-1518-4 PN, DP ODK, SIMATIC S7-1500 CPU S7-1518F-4 PN, SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN, SIMATIC S7-1500 Software Controller CPU 
1507S F V2, SIMATIC S7-1500 Software Controller CPU 1507S F V3, SIMATIC S7-1500 Software Controller CPU 1507S F V4, SIMATIC S7-1500 Software Controller CPU 1507S V2, SIMATIC S7-1500 Software Controller CPU 1507S V3, SIMATIC S7-1500 Software Controller CPU 1507S V4, SIMATIC S7-1500 Software Controller CPU 1508S F V2, SIMATIC S7-1500 Software Controller CPU 1508S F V3, SIMATIC S7-1500 Software Controller CPU 1508S F V4, SIMATIC S7-1500 Software Controller CPU 1508S T V3, SIMATIC S7-1500 Software Controller CPU 1508S TF V3, SIMATIC S7-1500 Software Controller CPU 1508S V2, SIMATIC S7-1500 Software Controller CPU 1508S V3 and SIMATIC S7-150 up to 3.1.5. Affected by this issue is some unknown functionality of the component Web Interface. Such manipulation of the argument communication leads to cross site scripting.
This vulnerability is referenced as CVE-2026-25786. It is possible to launch the attack remotely. No exploit is available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2025-40833 | Siemens IE-PB LINK HA IPv4 Request null pointer dereference (ssa-392349 / WID-SEC-2026-1467)
1 month 2 weeks ago
A vulnerability marked as critical has been reported in Siemens IE-PB LINK HA, PB link PN IO, RUGGEDCOM RM1224 LTE EU, RUGGEDCOM RM1224 LTE NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL-Router, SCALANCE M816-1 ADSL-Router, SCALANCE M826-2 SHDSL-Router, SCALANCE M874-2, SCALANCE M874-3, SCALANCE M874-3 3G-Router, SCALANCE M876-3, SCALANCE M876-4, SCALANCE MUB852-1, SCALANCE MUM853-1, SCALANCE MUM856-1, SCALANCE S615 EEC LAN-Router, SCALANCE S615 LAN-Router, SCALANCE SC622-2C, SCALANCE SC626-2C, SCALANCE SC632-2C, SCALANCE SC636-2C, SCALANCE SC642-2C, SCALANCE SC646-2C, SCALANCE W1748-1 M12, SCALANCE W1788-1 M12, SCALANCE W1788-2 EEC M12, SCALANCE W1788-2 M12, SCALANCE W1788-2IA M12, SCALANCE W721-1 RJ45, SCALANCE W722-1 RJ45, SCALANCE W734-1 RJ45, SCALANCE W738-1 M12, SCALANCE W748-1 M12, SCALANCE W748-1 RJ45, SCALANCE W761-1 RJ45, SCALANCE W774-1 M12 EEC, SCALANCE W774-1 RJ45, SCALANCE W778-1 M12, SCALANCE W778-1 M12 EEC, SCALANCE W786-1 RJ45, SCALANCE W786-2 RJ45, SCALANCE W786-2 SFP, SCALANCE W786-2IA RJ45, SCALANCE W788-1 M12, SCALANCE W788-1 RJ45, SCALANCE W788-2 M12, SCALANCE W788-2 M12 EEC, SCALANCE W788-2 RJ45, SCALANCE WAB762-1, SCALANCE WAM763-1, SCALANCE WAM766-1, SCALANCE WAM766-1 EEC, SCALANCE WUB762-1, SCALANCE WUB762-1 iFeatures, SCALANCE WUM763-1, SCALANCE WUM766-1, SCALANCE X204-2, SCALANCE X204-2FM, SCALANCE X204-2LD, SCALANCE X204-2LD TS, SCALANCE X204-2TS, SCALANCE X206-1, SCALANCE X206-1LD, SCALANCE X208, SCALANCE X208PRO, SCALANCE X212-2, SCALANCE X212-2LD, SCALANCE X216, SCALANCE X224, SCALANCE X302-7 EEC, SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2 RD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XF204, SCALANCE XF204-2, SCALANCE XF206-1, SCALANCE XF208, SCALANCE XM408-4C, SCALANCE 
XM408-8C, SCALANCE XM416-4C, SCALANCE XR324-12M, SCALANCE XR324-12M TS, SCALANCE XR324-4M EEC and SCALANCE XR324-4M PoE. Affected by this vulnerability is an unknown functionality of the component IPv4 Request Handler. This manipulation causes null pointer dereference.
The identification of this vulnerability is CVE-2025-40833. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2026-8162 | multiparty up to 4.2.3/4.2.x Content-Disposition Parser exceptional condition
1 month 2 weeks ago
A vulnerability labeled as problematic has been found in multiparty up to 4.2.3/4.2.x. Affected is an unknown function of the component Content-Disposition Parser. The manipulation results in handling of exceptional conditions.
This vulnerability was named CVE-2026-8162. The attack may be performed remotely. There is no available exploit.
The affected component should be upgraded.
vuldb.com
CVE-2026-8159 | multiparty up to 4.2.3/4.2.x redos
1 month 2 weeks ago
A vulnerability identified as problematic has been detected in multiparty up to 4.2.3/4.2.x. This impacts an unknown function. The manipulation leads to inefficient regular expression complexity.
This vulnerability is uniquely identified as CVE-2026-8159. The attack can be carried out remotely. No exploit exists.
You should upgrade the affected component.
vuldb.com
CVE-2026-41551 | Siemens ROS up to 2.2.1 path traversal (ssa-357982)
1 month 2 weeks ago
A vulnerability categorized as critical has been discovered in Siemens ROS up to 2.2.1. This affects an unknown function. Executing a manipulation can lead to relative path traversal.
This vulnerability is handled as CVE-2026-41551. The attack can be executed remotely. No exploit is available.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2026-33893 | Siemens Teamcenter hard-coded credentials (ssa-827383)
1 month 2 weeks ago
A vulnerability was found in Siemens Teamcenter. It has been rated as critical. The impacted element is an unknown function. Performing a manipulation results in hard-coded credentials.
This vulnerability is known as CVE-2026-33893. Remote exploitation of the attack is possible. No exploit is available.
Upgrading the affected component is advised.
vuldb.com
CVE-2026-27662 | Siemens SIMATIC HMI MTP1000 Unified Comfort Panel prior 21 insecure default initialization of resource (ssa-387223)
1 month 2 weeks ago
A vulnerability was found in Siemens SIMATIC HMI MTP1000 Unified Comfort Panel, SIMATIC HMI MTP1000 Unified Comfort Panel hygienic, SIMATIC HMI MTP1000 Unified Comfort Panel hygienic neutral design, SIMATIC HMI MTP1000, Unified Comfort Panel neutral, SIMATIC HMI MTP1200 Comfort Pro for stand, SIMATIC HMI MTP1200 Comfort Pro for support arm and extension unit, SIMATIC HMI MTP1200 Comfort Pro for support arm, SIMATIC HMI MTP1200 Comfort Pro neutral design for stand, SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm and extensio, SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm, SIMATIC HMI MTP1200 Unified Comfort Panel, SIMATIC HMI MTP1200 Unified Comfort Panel hygienic, SIMATIC HMI MTP1200 Unified Comfort Panel hygienic neutral design, SIMATIC HMI MTP1200 Unified Comfort Panel neutral design, SIMATIC HMI MTP1500 Comfort Pro for stand, SIMATIC HMI MTP1500 Comfort Pro for support arm and extension unit, SIMATIC HMI MTP1500 Comfort Pro for support arm, SIMATIC HMI MTP1500 Comfort Pro neutral design for stand, SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm and extensio, SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm, SIMATIC HMI MTP1500 Unified Comfort Panel, SIMATIC HMI MTP1500 Unified Comfort Panel hygienic, SIMATIC HMI MTP1500 Unified Comfort Panel hygienic neutral design, SIMATIC HMI MTP1500 Unified Comfort Panel neutral design, SIMATIC HMI MTP1900 Comfort Pro for stand, SIMATIC HMI MTP1900 Comfort Pro for support arm and extension unit, SIMATIC HMI MTP1900 Comfort Pro for support arm, SIMATIC HMI MTP1900 Comfort Pro neutral design for stand, SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm and extensio, SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm, SIMATIC HMI MTP1900 Unified Comfort Panel, SIMATIC HMI MTP1900 Unified Comfort Panel hygienic, SIMATIC HMI MTP1900 Unified Comfort Panel hygienic neutral design, SIMATIC HMI MTP1900 Unified Comfort Panel neutral design, SIMATIC HMI 
MTP2200 Comfort Pro for stand, SIMATIC HMI MTP2200 Comfort Pro for support arm and extension unit, SIMATIC HMI MTP2200 Comfort Pro for support arm, SIMATIC HMI MTP2200 Comfort Pro neutral design for stand, SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm and extensio, SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm, SIMATIC HMI MTP2200 Unified Comfort Hygienic, SIMATIC HMI MTP2200 Unified Comfort Hygienic neutral design, SIMATIC HMI MTP2200 Unified Comfort Panel, SIMATIC HMI MTP2200 Unified Comfort Panel neutral design and SIMATIC HMI MTP700 Unified. It has been declared as problematic. The affected element is an unknown function. Such manipulation leads to insecure default initialization of resource.
This vulnerability is tracked as CVE-2026-27662. The attack requires local access. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2026-25789 | Siemens SIMATIC S7-150 up to 3.1.5 Firmware Update Page cross site scripting (ssa-688146 / WID-SEC-2026-1474)
1 month 2 weeks ago
A vulnerability was found in Siemens SIMATIC Drive Controller CPU 1504D TF, SIMATIC Drive Controller CPU 1507D TF, SIMATIC ET 200SP CPU 1510SP F-1 PN, SIMATIC ET 200SP CPU 1510SP-1 PN, SIMATIC ET 200SP CPU 1512SP F-1 PN, SIMATIC ET 200SP CPU 1512SP-1 PN, SIMATIC ET 200SP CPU 1514SP F-2 PN, SIMATIC ET 200SP CPU 1514SP-2 PN, SIMATIC ET 200SP CPU 1514SPT F-2 PN, SIMATIC ET 200SP CPU 1514SPT-2 PN, SIMATIC ET 200SP Open Controller CPU 1515SP PC, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 V2 CPUs, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 V3 CPUs, SIMATIC ET 200SP Open Controller CPU 1515SP PC3 V4 CPUs, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511T-1 PN, SIMATIC S7-1500 CPU 1511TF-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513pro F-2 PN, SIMATIC S7-1500 CPU 1513pro-2 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515T-2 PN, SIMATIC S7-1500 CPU 1515TF-2 PN, SIMATIC S7-1500 CPU 1516-3 PN, DP, SIMATIC S7-1500 CPU 1516F-3 PN, SIMATIC S7-1500 CPU 1516pro F-2 PN, SIMATIC S7-1500 CPU 1516pro-2 PN, SIMATIC S7-1500 CPU 1516T-3 PN, SIMATIC S7-1500 CPU 1516TF-3 PN, SIMATIC S7-1500 CPU 1517-3 PN, SIMATIC S7-1500 CPU 1517F-3 PN, SIMATIC S7-1500 CPU 1517T-3 PN, SIMATIC S7-1500 CPU 1517TF-3 PN, SIMATIC S7-1500 CPU 1518-3 PN, SIMATIC S7-1500 CPU 1518-4 PN, DP MFP, SIMATIC S7-1500 CPU 1518F-3 PN, SIMATIC S7-1500 CPU 1518F-4 PN, SIMATIC S7-1500 CPU 1518T-3 PN, SIMATIC S7-1500 CPU 1518T-4 PN, SIMATIC S7-1500 CPU 1518TF-3 PN, SIMATIC S7-1500 CPU 1518TF-4 PN, SIMATIC S7-1500 CPU S7-1518-4 PN, DP ODK, SIMATIC S7-1500 CPU S7-1518F-4 PN, SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN, SIMATIC S7-1500 Software Controller CPU 1507S F V2, SIMATIC S7-1500 
Software Controller CPU 1507S F V3, SIMATIC S7-1500 Software Controller CPU 1507S F V4, SIMATIC S7-1500 Software Controller CPU 1507S V2, SIMATIC S7-1500 Software Controller CPU 1507S V3, SIMATIC S7-1500 Software Controller CPU 1507S V4, SIMATIC S7-1500 Software Controller CPU 1508S F V2, SIMATIC S7-1500 Software Controller CPU 1508S F V3, SIMATIC S7-1500 Software Controller CPU 1508S F V4, SIMATIC S7-1500 Software Controller CPU 1508S T V3, SIMATIC S7-1500 Software Controller CPU 1508S TF V3, SIMATIC S7-1500 Software Controller CPU 1508S V2, SIMATIC S7-1500 Software Controller CPU 1508S V3 and SIMATIC S7-150 up to 3.1.5. It has been classified as problematic. Impacted is an unknown function of the component Firmware Update Page. This manipulation causes cross site scripting.
This vulnerability appears as CVE-2026-25789. The attack may be initiated remotely. There is no available exploit.
Upgrading the affected component is recommended.
vuldb.com
CVE-2026-22925 | Siemens SIMATIC CN 4100 up to 4.x allocation of resources (ssa-032379)
1 month 2 weeks ago
A vulnerability was found in Siemens SIMATIC CN 4100 up to 4.x and classified as critical. This issue affects some unknown processing. The manipulation results in allocation of resources.
This vulnerability is reported as CVE-2026-22925. The attack can be launched remotely. No exploit exists.
It is suggested to upgrade the affected component.
vuldb.com