CISA 2026-05-14

Siemens SIMATIC S7 PLC Web Server

Machine-generated analysis · WAYSCloud LLM

SIMATIC S7 PLC web servers contain cross-site scripting vulnerabilities affecting multiple controller models. Siemens has released patches for some products and recommends mitigation for others.

Context

The advisory addresses Siemens SIMATIC S7 PLC web servers used in industrial control systems. It states that multiple vulnerabilities could allow cross-site scripting attacks. The affected product list includes specific Drive Controller and ET 200SP CPU models with version constraints.

Operator considerations

Check: Inventory affected Siemens SIMATIC S7 PLC models and versions
Patch: Update to versions 3.1.6 or 2.9.9 where available
Isolate: Restrict web server access to trusted networks

From Cybersecurity and Infrastructure Security Agency ↗

SIMATIC S7 PLCs contain multiple vulnerabilities in the web server that could allow an attacker to perform cross-site scripting attacks. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.

The following versions of Siemens SIMATIC S7 PLC Web Server are affected:

SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0) vers:intdot/

Read the full advisory on CISA →