Siemens SIMOTION SCOUT, SIMOTION SCOUT TIA, and SINAMICS STARTER
Monitor5.5ICS-CERT ICSA-25-226-18Aug 12, 2025
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary
SIMOTION SCOUT, SIMOTION SCOUT TIA, and SINAMICS STARTER are affected by an XML External Entity (XXE) injection vulnerability in their XML file parsing. An attacker can craft a malicious XML file that, when opened by an engineer in the affected software, causes the application to read and expose arbitrary files from the host system. This affects versions 5.4 through 5.7 depending on the product. Siemens has released patches for some versions (5.6 SP1 HF7, 5.7 SP1 HF1, and 5.7 HF2) but has stated that no fixes are planned for earlier versions (5.4 and 5.5). The vulnerability is not remotely exploitable and requires user interaction.
What this means
What could happen
An attacker with access to an engineer's workstation could open a malicious XML file in SIMOTION SCOUT or SINAMICS STARTER, exposing sensitive application files and configuration data stored on that machine.
Who's at risk
Engineering teams using SIMOTION SCOUT (versions 5.4–5.7) or SINAMICS STARTER (versions 5.5–5.7) for motion control programming and commissioning are affected. These are engineering tools used on workstations by control system engineers to configure and test motion control systems in factories, water treatment plants, and power generation facilities.
How it could be exploited
An attacker delivers a crafted XML file to an engineer (typically via email or file share) and tricks them into opening it in the affected software. The XXE parser interprets the malicious XML and reads arbitrary files from the workstation's filesystem, which an attacker can then retrieve or exfiltrate.
Prerequisites
- User interaction required—engineer must open a malicious XML file
- Local access to the engineering workstation or network share where the file is stored
- Affected software version must be installed and in use
User interaction requiredLocal or adjacent network access neededOlder versions (5.4, 5.5) have no vendor fix plannedAffects engineering workstations—could expose project files and credentials
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (11)
5 with fix6 EOL
ProductAffected VersionsFix Status
SIMOTION SCOUT TIA V5.6<V5.6 SP1 HF75.6 SP1 HF7
SIMOTION SCOUT TIA V5.7<V5.7 SP1 HF15.7 SP1 HF1
SIMOTION SCOUT V5.6<V5.6 SP1 HF75.6 SP1 HF7
SIMOTION SCOUT V5.7<V5.7 SP1 HF15.7 SP1 HF1
SINAMICS STARTER V5.7<V5.7 HF25.7 HF2
SIMOTION SCOUT TIA V5.5All versionsNo fix (EOL)
SIMOTION SCOUT V5.4All versionsNo fix (EOL)
SIMOTION SCOUT V5.5All versionsNo fix (EOL)
Remediation & Mitigation
0/6
Do now
0/1WORKAROUNDDo not open XML files from untrusted sources in SIMOTION SCOUT, SIMOTION SCOUT TIA, or SINAMICS STARTER
Schedule — requires maintenance window
0/3Patching may require device reboot — plan for process interruption
HOTFIXUpdate SIMOTION SCOUT TIA to version 5.6 SP1 HF7 or 5.7 SP1 HF1 or later
HOTFIXUpdate SIMOTION SCOUT to version 5.6 SP1 HF7 or 5.7 SP1 HF1 or later
HOTFIXUpdate SINAMICS STARTER to version 5.7 HF2 or later
Mitigations - no patch available
0/2The following products have reached End of Life with no planned fix: SIMOTION SCOUT TIA V5.5, SIMOTION SCOUT V5.4, SIMOTION SCOUT V5.5, SINAMICS STARTER V5.5, SINAMICS STARTER V5.6, SIMOTION SCOUT TIA V5.4. Apply the following compensating controls:
HARDENINGEnforce network segmentation to restrict engineering workstation access from untrusted networks and the internet
HARDENINGConfigure firewall rules to limit access to engineering workstations from business network segments
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/32632d71-b809-4b08-94b0-3fa658e7e5bb