CNNVD-202508-1030 Information
CNNVD ID
CNNVD-202508-1030
Related CVE
- CNNVD Published: 2025-08-12
Description (Chinese)
Siemens SIMOTION SCOUT TIA等都是德国西门子(Siemens)公司的产品。Siemens SIMOTION SCOUT TIA是一款高端运动控制系统。Siemens SIMOTION SCOUT是一款高端运动控制系统。Siemens SINAMICS STARTER是一款驱动调试工具软件。 Siemens多款产品存在代码问题漏洞,该漏洞源于XML外部实体注入,可能导致读取任意文件。以下产品及版本受到影响:SIMOTION SCOUT TIA V5.4、SIMOTION SCOUT TIA V5.5、SIMOTION SCOUT TIA V5.6 V5.6 SP1 HF7之前版本、SIMOTION SCOUT TIA V5.7 V5.7 SP1 HF1之前版本、SIMOTION SCOUT V5.4、SIMOTION SCOUT V5.5、SIMOTION SCOUT V5.6 V5.6 SP1 HF7之前版本、SIMOTION SCOUT V5.7 V5.7 SP1 HF1之前版本、SINAMICS STARTER V5.5、SINAMICS STARTER V5.6和SINAMICS STARTER V5.7。
Description (English)
Siemens SIMOTION SCOUT TIA and others are products of Siemens Germany. Siemens SIMOTION SCOUT TIA is a high-end movement control system. Siemens SIMOTION SCOUT is a high-end movement control system. Siemens SINAMICS STARTER is a driver-debugging tool software. There is a code gap in the Siemens multi-products, which originates from the injection of an external XML entity and may lead to the reading of any document. The following products and versions were affected: SIMOTON SCOUT TIA V.5.4, SIMOTON SCOUT TIA V.5.5, SIMOTON SCOUT TIA V.5.6 V5.6 pre-SP1 HF7, SIMOTON SCOUT TIA V5.7 V5.7 pre-SP1 SF1, SIMOTON SCOUT V.5.4, SIMOTON SCOUT V5.5, SIMOTOON SCOUT V5.6 V5.6 V6 VANT SPOUT SP1 SF7 pre-SIMOTION SCOUT V5.57 V5.7 pre-SSP1 HF1, SINAMICS STARTER V5.5, SINAMICSER STAR V5.6 and SINAMICARTER V5.7.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
西门子
Published
2025-08-12
Last Modified
2026-02-24
References
https://cert-portal.siemens.com/productcert/html/ssa-186293.html
Patch
https://cert-portal.siemens.com/productcert/html/ssa-186293.html
Share on: