Description
A vulnerability has been identified in SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT TIA V5.7 (All versions < V5.7 SP1 HF1), SIMOTION SCOUT V5.4 (All versions), SIMOTION SCOUT V5.5 (All versions), SIMOTION SCOUT V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT V5.7 (All versions < V5.7 SP1 HF1), SINAMICS STARTER V5.5 (All versions), SINAMICS STARTER V5.6 (All versions), SINAMICS STARTER V5.7 (All versions < V5.7 HF2). The affected application contains a XML External Entity Injection (XXE) vulnerability while parsing specially crafted XML files. This could allow an attacker to read arbitrary files in the system.
References (1)
Core 1
Core References
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-186293.html
Scores
CVSS v3
5.5
EPSS
0.0016
EPSS Percentile
5.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-611
Status
published
Products (11)
Siemens/SIMOTION SCOUT TIA V5.4
Siemens/SIMOTION SCOUT TIA V5.5
Siemens/SIMOTION SCOUT TIA V5.6
< V5.6 SP1 HF7
Siemens/SIMOTION SCOUT TIA V5.7
< V5.7 SP1 HF1
Siemens/SIMOTION SCOUT V5.4
Siemens/SIMOTION SCOUT V5.5
Siemens/SIMOTION SCOUT V5.6
< V5.6 SP1 HF7
Siemens/SIMOTION SCOUT V5.7
< V5.7 SP1 HF1
Siemens/SINAMICS STARTER V5.5
Siemens/SINAMICS STARTER V5.6
... and 1 more
Published
Aug 12, 2025
Tracked Since
Feb 18, 2026