CVE-2025-40584
CVE-2025-40584
A vulnerability has been identified in SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT TIA V5.7 (All versions < V5.7 SP1 HF1), SIMOTION SCOUT V5.4 (All versions), SIMOTION SCOUT V5.5 (All versions), SIMOTION SCOUT V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT V5.7 (All versions < V5.7 SP1 HF1), SINAMICS STARTER V5.5 (All versions), SINAMICS STARTER V5.6 (All versions), SINAMICS STARTER V5.7 (All versions < V5.7 HF2). The affected application contains a XML External Entity Injection (XXE) vulnerability while parsing specially crafted XML files. This could allow an attacker to read arbitrary files in the system.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Productos afectados
Siemens · SIMOTION SCOUT TIA V5.4Siemens · SIMOTION SCOUT TIA V5.5Siemens · SIMOTION SCOUT TIA V5.6Siemens · SIMOTION SCOUT TIA V5.7Siemens · SIMOTION SCOUT V5.4Siemens · SIMOTION SCOUT V5.5Siemens · SIMOTION SCOUT V5.6Siemens · SIMOTION SCOUT V5.7Siemens · SINAMICS STARTER V5.5Siemens · SINAMICS STARTER V5.6Siemens · SINAMICS STARTER V5.7¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →