Siemens SIMATIC S7 PLC Web Server — CVE-2026-25786
CISA ICS · CISA · CVE-2026-25786
ID
CVE-2026-25786
CVE-2026-25786
Date
Activity
Source
CISA ICS
CISA ICS
Vendor
CISA
CISA
Threat
medium
medium
Summary
View CSAF Summary SIMATIC S7 PLCs contain multiple vulnerabilities in the web server that could allow an attacker to perform cross-site scripting attacks. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available. The…
Product
ICS Advisory
What to do
General, cautious steps (verify details in the official source):
- Review exposure and plan remediation based on risk and environment.
- Identify affected product versions in your inventory and verify whether you are impacted.
- Apply vendor patches/updates or recommended mitigations as soon as available.
- Read the official advisory for exact affected versions and remediation steps.