Siemens SIMOTION SCOUT, SIMOTION SCOUT TIA, and SINAMICS STARTER

Monitor | CVSS 5.5 | ICS-CERT ICSA-25-226-18 | Aug 12, 2025
Siemens
Attack path
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

SIMOTION SCOUT, SIMOTION SCOUT TIA, and SINAMICS STARTER are affected by an XXE (XML External Entity) injection vulnerability in XML file processing. An attacker could craft a malicious XML file that, when opened by a user in the affected application, allows reading of arbitrary files accessible to the application process. The vulnerability requires user interaction (opening an untrusted XML file) and cannot be exploited remotely. Siemens has released hotfixes for V5.6 and V5.7 versions; older versions (V5.4, V5.5) will not receive fixes.

What this means
What could happen
An attacker with access to a user's workstation running these tools could extract arbitrary files from the application environment by tricking the user into opening a malicious XML file, potentially exposing configuration files, project data, or credentials stored on the engineering workstation.
Who's at risk
Engineering teams and automation engineers using SIMOTION SCOUT, SIMOTION SCOUT TIA, or SINAMICS STARTER on their workstations for programming and configuration of Siemens motion control and drive systems are affected. This impacts organizations managing SIMOTION-based positioning systems, synchronized multi-axis motion, and SINAMICS variable frequency drives in manufacturing, packaging, and material handling environments.
How it could be exploited
An attacker crafts a malicious XML file containing an XXE (XML External Entity) payload and either emails it to an engineering team member or hosts it for download. When the user opens the file in SIMOTION SCOUT, SIMOTION SCOUT TIA, or SINAMICS STARTER, the application parses the XML without properly validating entity definitions, allowing the attacker to read arbitrary files accessible to the application process (such as project files, configuration data, or local system files).
Prerequisites
  • User interaction required: victim must open the malicious XML file in the vulnerable application
  • Local or shared network access to the engineering workstation running the affected tool
  • No special privileges or authentication needed beyond normal application use

  • requires user interaction (social engineering attack vector)
  • no patch available for older versions (V5.4, V5.5)
  • affects engineering workstations which may have access to sensitive project and configuration data
  • low complexity exploitation (standard XXE technique)
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (11)
5 with fix, 6 EOL
Product                 | Affected Versions | Fix Status
SIMOTION SCOUT TIA V5.6 | <V5.6 SP1 HF7     | 5.6 SP1 HF7
SIMOTION SCOUT TIA V5.7 | <V5.7 SP1 HF1     | 5.7 SP1 HF1
SIMOTION SCOUT V5.6     | <V5.6 SP1 HF7     | 5.6 SP1 HF7
SIMOTION SCOUT V5.7     | <V5.7 SP1 HF1     | 5.7 SP1 HF1
SINAMICS STARTER V5.7   | <V5.7 HF2         | 5.7 HF2
SIMOTION SCOUT TIA V5.5 | All versions      | No fix (EOL)
SIMOTION SCOUT V5.4     | All versions      | No fix (EOL)
SIMOTION SCOUT V5.5     | All versions      | No fix (EOL)
Remediation & Mitigation
Do now
SIMOTION SCOUT V5.4
WORKAROUND: For unfixed versions (SIMOTION SCOUT V5.4/V5.5, SIMOTION SCOUT TIA V5.4/V5.5, SINAMICS STARTER V5.5/V5.6), implement user training: do not open or import XML files from untrusted sources
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

SIMOTION SCOUT V5.6
HOTFIX: Update SIMOTION SCOUT V5.6 to version 5.6 SP1 HF7 or later
SIMOTION SCOUT TIA V5.6
HOTFIX: Update SIMOTION SCOUT TIA V5.6 to version 5.6 SP1 HF7 or later
SIMOTION SCOUT TIA V5.7
HOTFIX: Update SIMOTION SCOUT TIA V5.7 to version 5.7 SP1 HF1 or later
SIMOTION SCOUT V5.7
HOTFIX: Update SIMOTION SCOUT V5.7 to version 5.7 SP1 HF1 or later
SINAMICS STARTER V5.7
HOTFIX: Update SINAMICS STARTER V5.7 to version 5.7 HF2 or later
Mitigations - no patch available
The following products have reached End of Life with no planned fix: SIMOTION SCOUT TIA V5.5, SIMOTION SCOUT V5.4, SIMOTION SCOUT V5.5, SINAMICS STARTER V5.5, SINAMICS STARTER V5.6, SIMOTION SCOUT TIA V5.4. Apply the following compensating controls:
HARDENING: Restrict engineering workstation network access to only necessary SCADA/HMI networks using host-based firewall rules to reduce the risk of social engineering attacks delivering malicious files
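
Added example, not part of the original advisory or of any Siemens tooling: a pre-import screen that supports the "do not open or import XML files from untrusted sources" workaround. It uses Python's expat bindings to report external DTD and external entity declarations in a file without resolving them. The function name and the sample documents are constructed for illustration, and it assumes that legitimate project XML declares no external entities.

```python
import sys
import xml.parsers.expat as expat

def screen_xml(data: bytes) -> list[str]:
    """Return reasons not to import this XML; an empty list means none found."""
    findings = []
    parser = expat.ParserCreate()
    # Never pull in an external DTD subset or parameter entities while screening.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id or public_id:
            findings.append(f"external DTD -> {system_id or public_id}")

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        # value is None for external entities; system_id/public_id say where
        # a resolving parser would load the content from.
        if system_id or public_id:
            kind = "parameter" if is_param else "general"
            findings.append(f"external {kind} entity '{name}' -> {system_id or public_id}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    # No ExternalEntityRefHandler is set, so expat skips external references.
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        findings.append(f"not well-formed: {exc}")
    return findings

# Constructed samples (not taken from any real project file).
SAMPLE_CLEAN = b'<?xml version="1.0"?><project><name>axis_1</name></project>'
SAMPLE_EXTERNAL = (b'<?xml version="1.0"?>\n'
                   b'<!DOCTYPE project [<!ENTITY ext SYSTEM "file:///EXAMPLE-PLACEHOLDER">]>\n'
                   b'<project><name>&ext;</name></project>')

if __name__ == "__main__":
    status = 0
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            for finding in screen_xml(fh.read()):
                print(f"{path}: {finding}")
                status = 1
    sys.exit(status)
```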