Siemens SIMATIC

Plan Patch | CVSS 7.7 | ICS-CERT ICSA-26-134-07 | May 12, 2026
Siemens | Manufacturing
Attack path
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

SIMATIC HMI Unified Comfort Panels before V21.0 contain a vulnerability that allows an unauthenticated attacker to access the web browser through the Control Panel via the help link. If the Control Panel is not protected by security mechanisms, an attacker can exploit this to access the browser and potentially discover backdoors or make unwanted misconfigurations to the HMI runtime environment.

What this means
What could happen
An attacker with physical or network access to an unprotected HMI panel could launch a web browser and gain unauthorized access to the system, potentially leading to misconfiguration of industrial processes, altered setpoints, or disruption of plant operations.
Who's at risk
Manufacturing facilities using Siemens SIMATIC HMI Unified Comfort panels (MTP700, MTP1000, MTP1200, MTP1500, MTP1900, MTP2200 models) and SIPLUS HMI MTP variants with Comfort Pro or Unified Comfort runtime before version 21.0. This includes production lines, batch processing, and any facility relying on these touchscreen HMI devices for operator interface and process monitoring.
How it could be exploited
An attacker clicks the help link in the Control Panel on an affected HMI device, which launches an unauthenticated web browser. The attacker can then use the browser to explore the system and potentially access configuration interfaces or discover backdoors that allow further compromise of the HMI and connected industrial equipment.
Prerequisites
  • Physical or network access to the HMI panel touchscreen or interface
  • Control Panel not protected by security access restrictions
  • Help link functionality enabled (default configuration)
No authentication required | Low complexity exploitation | Affects HMI/operator interface systems | Physical and network attack vectors
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (50)
50 with fix
Product | Affected Versions | Fix Status
SIMATIC HMI MTP1000 Unified Comfort Panel | < 21 | 21
SIMATIC HMI MTP1000 Unified Comfort Panel hygienic | < 21 | 21
SIMATIC HMI MTP1000 Unified Comfort Panel hygienic neutral design | < 21 | 21
SIMATIC HMI MTP1000, Unified Comfort Panel neutral | < 21 | 21
SIMATIC HMI MTP1200 Comfort Pro for stand (expandable, flange at the bottom) | < 21 | 21
Remediation & Mitigation
Do now
WORKAROUND: Disable the taskbar on affected panels via Control Panel > System Properties > Taskbar
HARDENING: Enable access protection for the Control Panel (see Siemens security guidelines section 3.4.1)
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update all affected SIMATIC HMI panels to firmware version V21 or later
HARDENING: Configure runtime autostart settings per Siemens security guidelines section 3.4.2 to prevent unauthorized access during startup
Long-term hardening
HARDENING: Ensure proper HMI runtime shutdown procedures per Siemens security guidelines section 3.2 to prevent uncontrolled access during transitions