Skip to main content

Simatic S7 Plcsim Advanced

9 CVEs product

Monthly

CVE-2026-54429 MEDIUM This Month

Denial of service in Siemens SIMATIC S7-PLCSIM Advanced (all versions) allows an unauthenticated attacker on the same local network segment to exhaust the application's memory by flooding it with high-volume multicast traffic, rendering the PLC simulation instance inaccessible until manually restarted. Exploitation is limited to instances running a specific active project configuration, and no project data is lost. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Denial Of Service Simatic S7 Plcsim Advanced
NVD
CVSS 4.0
6.0
EPSS
0.2%
CVE-2026-25789 HIGH CISA Act Now

Cross-site scripting (XSS) in Siemens SIMATIC S7-1500 PLC family firmware upload interface allows authenticated attackers to execute malicious JavaScript in administrator sessions via crafted filenames. This stored XSS requires social engineering to trick authenticated users into selecting the attacker-supplied firmware file on the web-based management interface. Successful exploitation enables session hijacking and credential theft without requiring the malicious file to be uploaded. EPSS data not provided, no CISA KEV status confirmed, affecting industrial automation controllers widely deployed in critical infrastructure environments.

XSS Simatic Drive Controller Cpu 1504D Tf Simatic Drive Controller Cpu 1507D Tf Simatic Et 200Sp Cpu 1510Sp F 1 Pn Simatic Et 200Sp Cpu 1510Sp 1 Pn +95
NVD VulDB
CVSS 4.0
7.2
EPSS
0.1%
CVE-2026-25787 CRITICAL CISA Emergency

Stored cross-site scripting (XSS) in Siemens SIMATIC S7-1500 and ET 200SP controller families allows authenticated attackers with high privileges to inject malicious scripts via Technology Object (TO) names when downloading TIA Portal projects. The scripts execute when authorized users access the Motion Control Diagnostics web interface page, enabling session hijacking, credential theft, or privileged actions performed under the victim's context. This affects over 100 product variants across industrial automation controllers, software controllers, and open controllers. No active exploitation confirmed (not in CISA KEV). EPSS score not provided in dataset. CVSS 4.0 score of 9.3 reflects high impact across confidentiality, integrity, and availability in both vulnerable and subsequent systems.

XSS Simatic Drive Controller Cpu 1504D Tf Simatic Drive Controller Cpu 1507D Tf Simatic Et 200Sp Cpu 1510Sp F 1 Pn Simatic Et 200Sp Cpu 1510Sp 1 Pn +95
NVD VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-25786 CRITICAL CISA Emergency

Stored cross-site scripting in Siemens SIMATIC S7-1500 controller family web interface allows authenticated high-privilege attackers to inject malicious code via crafted PLC/station names in TIA project files. When users with appropriate rights later access the communication parameters page, injected scripts execute in their session context with high impact to confidentiality, integrity, and availability across system boundaries (CVSS 9.3, CVSS:4.0 S:H). No public exploit identified at time of analysis, but CVSS vector indicates low attack complexity (AC:L) once attacker gains privileged project upload access.

XSS Simatic Drive Controller Cpu 1504D Tf Simatic Drive Controller Cpu 1507D Tf Simatic Et 200Sp Cpu 1510Sp F 1 Pn Simatic Et 200Sp Cpu 1510Sp 1 Pn +95
NVD VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2022-30694 MEDIUM PATCH This Month

The login endpoint /FormLogin in affected web services does not apply proper origin checking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Simatic S7 1500 Software Controller Simatic S7 Plcsim Advanced Simatic Wincc Runtime 6Es7154 8Fb01 0Ab0 Firmware +109
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2020-15782 CRITICAL PATCH Act Now

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Information Disclosure Simatic Driver Controller Firmware S7 1200 Cpu Firmware S7 1500 Cpu Firmware +3
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2019-10943 HIGH This Week

A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simatic Et 200Sp Open Controller Cpu 1515Sp Pc Firmware Simatic Et 200Sp Open Controller Cpu 1515Sp Pc2 Firmware Simatic S7 1200 Cpu 1211C Firmware Simatic S7 1200 Cpu 1212C Firmware +8
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-10929 MEDIUM This Month

A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Simatic Et 200Sp Open Controller Cpu 1515Sp Pc Firmware Simatic Et 200Sp Open Controller Cpu 1515Sp Pc2 Firmware Simatic S7 1200 Cpu 1211C Firmware Simatic S7 1200 Cpu 1212C Firmware +16
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2019-6568 HIGH This Week

The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Cp1604 Firmware Cp1616 Firmware +51
NVD
CVSS 3.1
7.5
EPSS
1.4%
EPSS 0% CVSS 6.0
MEDIUM This Month

Denial of service in Siemens SIMATIC S7-PLCSIM Advanced (all versions) allows an unauthenticated attacker on the same local network segment to exhaust the application's memory by flooding it with high-volume multicast traffic, rendering the PLC simulation instance inaccessible until manually restarted. Exploitation is limited to instances running a specific active project configuration, and no project data is lost. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Denial Of Service Simatic S7 Plcsim Advanced
NVD
EPSS 0% CVSS 7.2
HIGH Act Now

Cross-site scripting (XSS) in Siemens SIMATIC S7-1500 PLC family firmware upload interface allows authenticated attackers to execute malicious JavaScript in administrator sessions via crafted filenames. This stored XSS requires social engineering to trick authenticated users into selecting the attacker-supplied firmware file on the web-based management interface. Successful exploitation enables session hijacking and credential theft without requiring the malicious file to be uploaded. EPSS data not provided, no CISA KEV status confirmed, affecting industrial automation controllers widely deployed in critical infrastructure environments.

XSS Simatic Drive Controller Cpu 1504D Tf Simatic Drive Controller Cpu 1507D Tf +97
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL Emergency

Stored cross-site scripting (XSS) in Siemens SIMATIC S7-1500 and ET 200SP controller families allows authenticated attackers with high privileges to inject malicious scripts via Technology Object (TO) names when downloading TIA Portal projects. The scripts execute when authorized users access the Motion Control Diagnostics web interface page, enabling session hijacking, credential theft, or privileged actions performed under the victim's context. This affects over 100 product variants across industrial automation controllers, software controllers, and open controllers. No active exploitation confirmed (not in CISA KEV). EPSS score not provided in dataset. CVSS 4.0 score of 9.3 reflects high impact across confidentiality, integrity, and availability in both vulnerable and subsequent systems.

XSS Simatic Drive Controller Cpu 1504D Tf Simatic Drive Controller Cpu 1507D Tf +97
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL Emergency

Stored cross-site scripting in Siemens SIMATIC S7-1500 controller family web interface allows authenticated high-privilege attackers to inject malicious code via crafted PLC/station names in TIA project files. When users with appropriate rights later access the communication parameters page, injected scripts execute in their session context with high impact to confidentiality, integrity, and availability across system boundaries (CVSS 9.3, CVSS:4.0 S:H). No public exploit identified at time of analysis, but CVSS vector indicates low attack complexity (AC:L) once attacker gains privileged project upload access.

XSS Simatic Drive Controller Cpu 1504D Tf Simatic Drive Controller Cpu 1507D Tf +97
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

The login endpoint /FormLogin in affected web services does not apply proper origin checking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Simatic S7 1500 Software Controller Simatic S7 Plcsim Advanced +111
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Information Disclosure Simatic Driver Controller Firmware +5
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simatic Et 200Sp Open Controller Cpu 1515Sp Pc Firmware Simatic Et 200Sp Open Controller Cpu 1515Sp Pc2 Firmware +10
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Simatic Et 200Sp Open Controller Cpu 1515Sp Pc Firmware Simatic Et 200Sp Open Controller Cpu 1515Sp Pc2 Firmware +18
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure +53
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy