CVE-2026-27662

HIGH

Siemens Simatic Hmi MTP1000 Unified Comfort Panel - Initialization of a Resource with an Insecure Default

Title source: rule

Description

Affected devices do not properly restrict access to the web browser via the Control Panel when no corresponding security mechanisms are in place. This could allow an unauthenticated attacker to gain unauthorized access to the web browser, potentially enabling the discovery of backdoors, performing unauthorized actions, or exploiting misconfigurations that may lead to further system compromise.

References (1)

Core 1

Core References

https://cert-portal.siemens.com/productcert/html/ssa-387223.html

Scores

CVSS v3 7.7

EPSS 0.0003

EPSS Percentile 10.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1188

Status published

Products (50)

Siemens/SIMATIC HMI MTP1000 Unified Comfort Panel < V21

Siemens/SIMATIC HMI MTP1000 Unified Comfort Panel hygienic < V21

Siemens/SIMATIC HMI MTP1000 Unified Comfort Panel hygienic neutral design < V21

Siemens/SIMATIC HMI MTP1000, Unified Comfort Panel neutral < V21

Siemens/SIMATIC HMI MTP1200 Comfort Pro for stand (expandable, flange at the bottom) < V21

Siemens/SIMATIC HMI MTP1200 Comfort Pro for support arm (expandable, round tube) and extension unit < V21

Siemens/SIMATIC HMI MTP1200 Comfort Pro for support arm (not extendable, flange on top) < V21

Siemens/SIMATIC HMI MTP1200 Comfort Pro neutral design for stand (expandable, flange at the bottom) < V21

Siemens/SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm (expandable, round tube) and extensio < V21

Siemens/SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm (not extendable, flange on top) < V21

... and 40 more

Published May 12, 2026

Tracked Since May 12, 2026