ICSA-25-226-18
·
Published 2026-04-16
·
View on CISA ICS-CERT ↗
Siemens SIMOTION SCOUT, SIMOTION SCOUT TIA, and SINAMICS STARTER
CVSS 5.5
MEDIUM
Risk Summary
SIMOTION SCOUT, SIMOTION SCOUT TIA and SINAMICS STARTER are affected by an XXE injection vulnerability that could allow an attacker to access arbitrary application files. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.
CVEs (1)
Remediations
- Do not open untrusted XML files in affected applications
- Currently no fix is planned
- Update to V5.6 SP1 HF7 or later version
- Update to V5.7 HF2 or later version
- Update to V5.7 SP1 HF1 or later version
Affected Vendors
Siemens
Affected Products (11)
Siemens
·
SIMOTION SCOUT TIA V5.4
vers:all/*
Siemens
·
SIMOTION SCOUT TIA V5.5
vers:all/*
Siemens
·
SIMOTION SCOUT TIA V5.6
<V5.6_SP1_HF7
Siemens
·
SIMOTION SCOUT TIA V5.7
<V5.7_SP1_HF1
Siemens
·
SIMOTION SCOUT V5.4
vers:all/*
Siemens
·
SIMOTION SCOUT V5.5
vers:all/*
Siemens
·
SIMOTION SCOUT V5.6
<V5.6_SP1_HF7
Siemens
·
SIMOTION SCOUT V5.7
<V5.7_SP1_HF1
Siemens
·
SINAMICS STARTER V5.5
vers:all/*
Siemens
·
SINAMICS STARTER V5.6
vers:all/*
Siemens
·
SINAMICS STARTER V5.7
<V5.7_HF2
Affected Sectors
Critical Manufacturing, Transportation Systems, Energy, Healthcare and Public Health, Financial Services, Government Services and Facilities
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more