Siemens SIMATIC S7 PLC Web Server Improper Neutralization of Input During Web Page Generation (CVE-2026-25787)

critical Tenable OT Security Plugin ID 505537

Version 1.3

Jul 7, 2026, 11:10 AM

  • CVSS metrics ("CVSSv2 score" set to 8.3)
  • CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C")
  • CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C")
  • CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C")
  • Exploit attributes ("Exploit available" set to "False")
  • Exploit attributes ("Exploitability ease" set to "No known exploits are available")

Plugin Feed: 202607071110

Version 1.2

Jul 7, 2026, 5:47 AM

  • Plugin metadata

Plugin Feed: 202607070547

Version 1.1

Jul 6, 2026, 3:53 PM

  • New

Plugin Feed: 202607061553

* Changelogs are generally available for changes made after Nov 1, 2022