XML External Entity (XXE) Injection Vulnerability in SIMOTION SCOUT, SIMOTION SCOUT TIA and SINAMICS STARTER
Monitor5.5SSA-186293Aug 12, 2025
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary
XXE injection vulnerability in SIMOTION SCOUT, SIMOTION SCOUT TIA, and SINAMICS STARTER allows an attacker to read arbitrary files accessible to the user running the tool. The vulnerability is triggered when an engineer opens a malicious XML file within the affected software. Siemens has released patches for V5.6 SP1 HF7, V5.7 SP1 HF1, and SINAMICS STARTER V5.7 HF2. Older versions (V5.4 and V5.5 for SIMOTION products, and V5.5–V5.6 for SINAMICS STARTER) have no scheduled fixes.
What this means
What could happen
An attacker could exploit XXE injection to read arbitrary files from the engineering workstation where SIMOTION SCOUT, SIMOTION SCOUT TIA, or SINAMICS STARTER runs, potentially exposing project files, credentials, or configuration data used to program motion controllers and drives.
Who's at risk
Engineering teams using SIMOTION SCOUT, SIMOTION SCOUT TIA (versions 5.4–5.7), or SINAMICS STARTER (versions 5.5–5.7) on workstations are affected. These are programming and configuration tools for Siemens motion controllers and variable frequency drives used in manufacturing automation, robotics, and other OT environments.
How it could be exploited
An attacker crafts a malicious XML file and tricks an engineer into opening it within one of the affected tools (via file import, opening a project, or similar workflow). The XXE payload executes on the engineer's workstation and reads files accessible to that user, such as project files or system configuration.
Prerequisites
- User interaction required: engineer must open a malicious XML file in the affected tool
- Local file system access from the user running the tool
- Target software must be installed on the workstation
User interaction requiredAffects engineering workstationsNo fix available for older versionsCould lead to disclosure of project files and credentials
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (11)
5 with fix6 EOL
ProductAffected VersionsFix Status
SIMOTION SCOUT TIA V5.6All versions < V5.6 SP1 HF75.6 SP1 HF7
SIMOTION SCOUT TIA V5.7All versions < V5.7 SP1 HF15.7 SP1 HF1
SIMOTION SCOUT V5.6All versions < V5.6 SP1 HF75.6 SP1 HF7
SIMOTION SCOUT V5.7All versions < V5.7 SP1 HF15.7 SP1 HF1
SINAMICS STARTER V5.7All versions < V5.7 HF25.7 HF2
SIMOTION SCOUT V5.5All versionsNo fix (EOL)
SIMOTION SCOUT TIA V5.4All versionsNo fix (EOL)
SINAMICS STARTER V5.5All versionsNo fix (EOL)
Remediation & Mitigation
0/6
Do now
0/1SIMOTION SCOUT TIA V5.4
WORKAROUNDFor SIMOTION SCOUT TIA V5.4 and V5.5, SIMOTION SCOUT V5.4 and V5.5, and SINAMICS STARTER V5.5 and V5.6, restrict file imports to trusted sources and avoid opening XML files from untrusted sources until patches are available
Schedule — requires maintenance window
0/5Patching may require device reboot — plan for process interruption
SIMOTION SCOUT V5.6
HOTFIXUpdate SIMOTION SCOUT V5.6 to version 5.6 SP1 HF7 or later
SIMOTION SCOUT V5.7
HOTFIXUpdate SIMOTION SCOUT V5.7 to version 5.7 SP1 HF1 or later
SIMOTION SCOUT TIA V5.6
HOTFIXUpdate SIMOTION SCOUT TIA V5.6 to version 5.6 SP1 HF7 or later
SIMOTION SCOUT TIA V5.7
HOTFIXUpdate SIMOTION SCOUT TIA V5.7 to version 5.7 SP1 HF1 or later
SINAMICS STARTER V5.7
HOTFIXUpdate SINAMICS STARTER V5.7 to version 5.7 HF2 or later
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/1cdc6452-cf3e-4677-9384-7e6771c7d8bd