VDB
SSA-186293
SSA-186293
PUBLISHED
CVSS 5.5 MEDIUM
SIMOTION SCOUT, SIMOTION SCOUT TIA and SINAMICS STARTER are affected by an XXE injection vulnerability that could allow an attacker to access arbitrary application files. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.
Risk Scores
CVSS v3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SINAMICS STARTER V5.5 | ||
| SINAMICS STARTER V5.7 | ||
| SIMOTION SCOUT V5.6 | ||
| SIMOTION SCOUT TIA V5.6 | ||
| SINAMICS STARTER V5.6 | ||
| SIMOTION SCOUT TIA V5.7 | ||
| SIMOTION SCOUT TIA V5.4 | ||
| SIMOTION SCOUT V5.5 | ||
| SIMOTION SCOUT V5.7 | ||
| SIMOTION SCOUT V5.4 | ||
| SIMOTION SCOUT TIA V5.5 |
Timeline
- Aug 12, 2025 CVE Published
- Apr 14, 2026 CVE Updated
References
- https://cert-portal.siemens.com/productcert/html/ssa-186293.html advisory
- https://cert-portal.siemens.com/productcert/csaf/ssa-186293.json advisory
- https://support.industry.siemens.com/cs/ww/en/view/109989067/ fix
- https://support.industry.siemens.com/cs/ww/en/view/26233208/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109989066/ fix