2 matches found
Siemens SIMATIC S7 PLC Web Server Improper Neutralization of Input During Web Page Generation (CVE-2026-25786)
Affected devices do not properly validate and sanitize PLC/station name rendered on the 'communication' parameters page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page. If a...
PT-2026-39984
Name of the Vulnerable Software and Affected Versions Siemens SIMATIC affected versions not specified Description Devices fail to properly validate and sanitize the PLC/station name rendered on the "communication" parameters page of the web interface. An authenticated attacker with authorization ...