CVE-2026-25787

Siemens · SIMATIC S7-1500 / TIA Portal (via "Motion Control Diagnostics")

A stored cross-site scripting (XSS) vulnerability in the "Motion Control Diagnostics" web interface allows authenticated attackers to inject malicious scripts.

Executive summary

An authenticated stored XSS vulnerability in the Motion Control Diagnostics interface allows attackers to execute malicious scripts in the context of other users' sessions.

Vulnerability

The application fails to sanitize Technology Object (TO) names rendered on the "Motion Control Diagnostics" page. An authenticated attacker with project download permissions can inject malicious scripts that execute when a benign user views the page.
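The missing control described above, shown as an added example (not Siemens code and not taken from the advisory): a TO name concatenated into markup unencoded, the same row with output encoding, and a review check that flags TO names containing characters outside an expected set. The function names, the sample names and the allow-list pattern are assumptions made for illustration.

```javascript
// Added example: constructed data and hypothetical function names throughout.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode a value for an HTML text or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unsafe pattern: the TO name is placed into the markup exactly as stored.
function renderRowUnsafe(toName, status) {
  return "<tr><td>" + toName + "</td><td>" + status + "</td></tr>";
}

// Hardened pattern: every dynamic value is encoded at the point of output.
function renderRowSafe(toName, status) {
  return "<tr><td>" + escapeHtml(toName) + "</td><td>" + escapeHtml(status) + "</td></tr>";
}

// Assumed allow-list for review purposes (not the vendor's naming rule):
// letters, digits, underscore, dot, hyphen, space; 1 to 128 characters.
const EXPECTED_NAME = /^[\p{L}\p{N}_.\- ]{1,128}$/u;

// Return the names a reviewer should inspect before a project is downloaded.
function auditToNames(names) {
  return names.filter((name) => !EXPECTED_NAME.test(name));
}

// Constructed sample of TO names as they might appear in a project listing.
const sampleNames = [
  "PositioningAxis_1",
  "SpeedAxis-Conveyor",
  "Axis_2<script>/* constructed */</script>",
  'Cam_1" data-x="1',
];

const flagged = auditToNames(sampleNames);
console.log("Names to review:", flagged);
console.log("Unsafe row:", renderRowUnsafe(sampleNames[2], "OK"));
console.log("Safe row:  ", renderRowSafe(sampleNames[2], "OK"));
```

Encoding at output is the control that matters; the name audit is a review aid for project changes and does not replace the vendor update.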

Business impact

With a CVSS score of 9.1, this vulnerability presents a high risk of session hijacking and unauthorized administrative actions. By compromising the web session of an authorized user, an attacker could potentially manipulate diagnostic data or gain further unauthorized access to the industrial control system environment.

Remediation

Immediate Action: Update the affected products to the latest version provided by the vendor to ensure proper input sanitization.

Proactive Monitoring: Audit access to the "Motion Control Diagnostics" page and monitor for anomalous script execution or unexpected changes to project configurations.

Compensating Controls: Limit access to the web interface to authorized personnel only and ensure that users log out immediately after finishing administrative tasks.

Exploitation status

Public Exploit Available: Not specified

Analyst recommendation

This vulnerability highlights the risk of script injection in industrial web interfaces. Administrators should verify the patch status with the vendor and enforce strict access controls for users capable of modifying TIA projects to mitigate the threat of session compromise.