VDB
CNVD-2026-13386
CNVD-2026-13386
PUBLISHED
CVSS 9.600000381469727 CRITICAL
SIMATIC S7-1500是西门子公司推出的工业控制器。 Siemens SIMATIC S7-1500存在存储型跨站脚本漏洞,攻击者可利用漏洞通过诱使合法用户在网页界面中导入特制的跟踪文件来注入代码。
Risk Scores
CVSS 3.1
9.600000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP | 0 |
| Siemens | SIMATIC S7-1500 CPU 1516T-3 PN/DP | 0 |
| Siemens | SIMATIC S7-1500 CPU 1511T-1 PN | 0, 0 |
| Siemens | SIMATIC S7-1500 Software Controller Linux V3 | 0 |
| Siemens | SIMATIC S7-1500 CPU 1517T-3 PN | 0 |
| Siemens | SIMATIC S7-1500 CPU 1518T-4 PN/DP | 0 |
| Siemens | SIMATIC S7-1500 Software Controller CPU 1508S F V2 | 0 |
| Siemens | SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS | 0 |
| Siemens | SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL | 0 |
| Siemens | SIMATIC S7-1500 Software Controller CPU 1507S F V3 | 0 |
| Siemens | SIMATIC S7-1500 CPU 1518-3 PN | 0 |
| Siemens | SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS | 0 |
| Siemens | SIPLUS ET 200SP CPU 1510SP-1 PN RAIL | 0, 0 |
| Siemens | SIPLUS S7-1500 CPU 1518F-4 PN/DP | 0 |
| Siemens | SIMATIC S7-1500 Software Controller CPU 1508S V3 | 0 |
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP | 0, 0 |
| Siemens | SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) | 0 |
| Siemens | SIPLUS S7-1500 CPU 1511-1 PN | 0, 0, 0 |
| Siemens | SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL | 0 |
| Siemens | SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL | 0, 0 |
…and 85 more
Exploit Intelligence
- https://cert-portal.siemens.com/productcert/html/ssa-452276.html (circl)
- CIRCL seen: CVE-2025-40943 (circl-sighting)
- CIRCL seen: CVE-2025-40943 (circl-sighting)
- CIRCL seen: CVE-2025-40943 (circl-sighting)
Timeline
- Mar 10, 2026 CVE Published
- Mar 10, 2026 PoC Published
- Mar 10, 2026 PoC Published
- Mar 12, 2026 PoC Published