Siemens SIMOTION SCOUT and SINAMICS STARTER XML External Entity Injection Vulnerability

Vulnerability

A vulnerability allowing XML External Entity (XXE) injection has been identified in multiple versions of Siemens SIMOTION SCOUT TIA and SINAMICS STARTER applications. This vulnerability arises when the applications parse specially crafted XML files, potentially allowing an attacker to read arbitrary files from the system.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive files on the system where the affected application is running.

Remediation

Siemens has released new versions for several affected products. For SIMOTION SCOUT and SINAMICS STARTER, it is recommended to update to the latest versions. For products where fixes are not yet available, Siemens advises not to open untrusted XML files in the affected applications.
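Where the advice not to open untrusted XML files has to be enforced in practice, a file can be screened for DTD and entity declarations before it reaches the engineering tool. The following is an added example, not Siemens code or tooling; the function name `xxe_findings` and the sample document are constructed for illustration. It uses Python's standard-library expat bindings, which do not fetch external entities unless a handler for them is installed.

```python
import xml.parsers.expat as expat

# Constructed sample: an external general entity with a placeholder URI.
SAMPLE = b"""<?xml version="1.0"?>
<!DOCTYPE project [ <!ENTITY ext SYSTEM "file:///placeholder/constructed.txt"> ]>
<project>&ext;</project>"""

class _PrologDone(Exception):
    """Raised from a handler to stop parsing once the prolog has been read."""

def xxe_findings(data: bytes) -> list:
    """Return reasons this XML should not be opened in an XXE-prone application."""
    findings = []
    parser = expat.ParserCreate()
    # No ExternalEntityRefHandler is set, so nothing external is ever resolved.

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append(f"DOCTYPE '{name}'")
        if system_id or public_id:
            findings.append(f"external DTD -> {system_id or public_id}")

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        kind = "parameter entity" if is_param else "entity"
        if system_id or public_id:
            findings.append(f"external {kind} '{name}' -> {system_id or public_id}")
        else:
            findings.append(f"internal {kind} '{name}'")

    def stop(*_args):
        # A DOCTYPE can only precede the root element, so the body is never parsed
        # and declared entities are never expanded.
        raise _PrologDone

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.EndDoctypeDeclHandler = stop
    parser.StartElementHandler = stop
    try:
        parser.Parse(data, True)  # bytes in, so expat does its own encoding detection
    except _PrologDone:
        pass
    except expat.ExpatError as exc:
        findings.append(f"not well-formed: {exc}")
    return findings

if __name__ == "__main__":
    for finding in xxe_findings(SAMPLE):
        print(finding)
```

An empty list means the file declares no DTD or entities; any finding is a reason to quarantine the file rather than open it in an unpatched version.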

Added: Aug 12, 2025, 12:41 PM
Updated: Aug 12, 2025, 2:59 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.3
exploitability: 4.4
remediation: 0.0
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.