THREATOPS
THREAT OPSThreat News › [NVD] CVE-2026-25787 (CRITICAL 9.1) — Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious

[NVD] CVE-2026-25787 (CRITICAL 9.1) — Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious

lownvdPublished 2026-05-12

CVE-2026-25787 CVSS: 9.1 CRITICAL Published: 2026-05-12T10:16:44.610

Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page. If a benign user with appr

Indicators of compromise

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-25787