THREAT OPS › Threat News › [NVD] CVE-2026-25787 (CRITICAL 9.1) — Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious
[NVD] CVE-2026-25787 (CRITICAL 9.1) — Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious
CVE-2026-25787 CVSS: 9.1 CRITICAL Published: 2026-05-12T10:16:44.610
Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page. If a benign user with appr
Indicators of compromise
- CVE-2026-25787cve
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-25787