TopVuln

High-risk vulnerability digests

CVE-2026-25787

  • CRITICAL

Affected devices do not properly validate and sanitize the Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product to inject malicious scripts into the page. If a benign user with appropriate rights accesses the "Motion Control Diagnostics" parameters page, the malicious code would be executed in the scope of their web session.

Details

CVSS v3
9.1
CVSS v4
9.3
NVD published
2026-05-12 10:16:44
Affected versions
Vulnerable SIMATIC industrial motion control devices
Summary
This stored cross-site scripting vulnerability stems from insufficient validation and sanitization of Technology Object names on the Motion Control Diagnostics web page. An authenticated attacker authorized to upload a TIA project can inject malicious script into the page. When a privileged legitimate user visits the affected page, the malicious code executes within the scope of their authenticated web session.
Remediation
Apply the latest official security updates for your affected motion control device. Restrict network access to the device's web interface to only trusted management networks. Enforce access controls that only allow trusted authorized personnel to upload new TIA projects to the device.
Exploit info
No public exploit found yet.
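The flaw described above is an output-encoding failure: a name that arrives via a project download is later concatenated into diagnostics HTML. The following is an added example (not Siemens code and not from the advisory) showing the vulnerable rendering pattern beside its hardened form, plus an ingest-time validator; the function names, the allowed character set and the sample TO name are assumptions made for this illustration.

```javascript
// Added example: safe handling of an attacker-controlled Technology Object (TO)
// name on a diagnostics page. Not vendor code; names and rules are assumptions.

// Characters that must never reach the HTML parser unescaped.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape a value for insertion into an HTML text or attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Vulnerable pattern: the stored TO name is interpolated straight into markup,
// so any markup inside the name is parsed and executed by the viewer's browser.
function renderToRowUnsafe(toName, status) {
  return `<tr><td>${toName}</td><td>${status}</td></tr>`;
}

// Hardened pattern: every untrusted value is escaped at the output point.
function renderToRowSafe(toName, status) {
  return `<tr><td>${escapeHtml(toName)}</td><td>${escapeHtml(status)}</td></tr>`;
}

// Defence in depth: reject names outside a conservative allow-list when the
// project is ingested. The allowed set here is an assumption, not a vendor rule.
const TO_NAME_RE = /^[A-Za-z0-9_ .-]{1,64}$/;
function isValidToName(name) {
  return TO_NAME_RE.test(String(name));
}

// Constructed sample: a TO name carrying markup, as a stored XSS payload would.
const SAMPLE_TO_NAME = 'Axis_1<script>alert(1)</script>';
const SAFE_ROW = renderToRowSafe(SAMPLE_TO_NAME, 'OK');
```

The unsafe renderer passes the `<script>` tag through untouched, while the safe renderer emits `&lt;script&gt;` and the validator rejects the name before it is ever stored.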


TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.


Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.