Siemens SIMATIC S7-PLCSIM
Easy fix1 remedy
cpe:2.3:a:siemens:simatic_s7-plcsim:*:*:*:*:*:*:*
Easy fix1 remedy
- <= 17
Siemens Engineering Platforms Deserialization Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A deserialization vulnerability has been identified in various Siemens engineering platforms, including SIMATIC S7-PLCSIM, STEP 7, WinCC, SIMOCODE ES, SINAMICS Startdrive, SIRIUS Safety ES, SIRIUS Soft Starter, and TIA Portal Cloud, all versions. The vulnerability arises because these products do not properly sanitize user-controllable input when parsing project files. This flaw could enable an attacker to cause type confusion and execute arbitrary code within the affected application.
Impact
Exploitation of this vulnerability could lead to type confusion and allow for the execution of arbitrary code within the affected application.
Remediation
Siemens has released new versions for several affected products and recommends updating to the latest versions. For products where fixes are not, or not yet available, Siemens advises only opening projects from trusted sources. Additional product-specific remediations or mitigations can be found in the Siemens Security Advisory SSA-493396.
Added: Aug 12, 2025, 12:30 PM
Updated: Aug 12, 2025, 2:48 PM
Vulnerability Rating
Custom Algorithm
spread
4.5impact
7.5exploitability
4.6remediation
8.3relevance
0.4threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.