THREATNOIR
Subscribe
Back to Feed
VulnerabilitiesMay 14, 2026

Siemens SIMATIC

Siemens SIMATIC HMI Unified Comfort Panels before V21.0 vulnerable to unauthenticated web browser access via help link.

Read at source

Summary

A vulnerability (CVE-2026-27662) in Siemens SIMATIC HMI Unified Comfort Panels before version V21.0 allows unauthenticated attackers to access the web browser through the Control Panel's help link, potentially enabling malicious reconfigurations. The vulnerability affects multiple panel models including MTP1000, MTP1200, MTP1500, and MTP1900 series. Siemens has released patches and recommends immediate updates to V21 or later, with CISA recommending network isolation and defensive measures for affected industrial control systems.

Full text

ICS Advisory Siemens SIMATIC Release DateMay 14, 2026 Alert CodeICSA-26-134-07 Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems View CSAF Summary SIMATIC HMI Unified Comfort Panels before V21.0 are affected by a vulnerability that allows an unauthenticated attacker to access the web browser via the help link. This vulnerability allows an attacker to access the web browser through the Control Panel if it is not protected by the corresponding security mechanisms. This opens the possibility for the attacker to find backdoors, which might lead to unwanted misconfigurations. Siemens has released new versions for the affected products and recommends to update to the latest versions. The following versions of Siemens SIMATIC are affected: SIMATIC HMI MTP1000 Unified Comfort Panel (6AV2128-3KB06-0AX1) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP1000 Unified Comfort Panel hygienic (6AV2128-3KB40-0AX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP1000 Unified Comfort Panel hygienic neutral design (6AV2128-3KB70-0AX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP1000, Unified Comfort Panel neutral (6AV2128-3KB36-0AX1) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP1200 Comfort Pro for stand (expandable, flange at the bottom) (6AV2128-3MB27-1BX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP1200 Comfort Pro for support arm (expandable, round tube) and extension unit (6AV2128-3MB27-0BX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP1200 Comfort Pro for support arm (not extendable, flange on top) (6AV2128-3MB27-0AX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP1200 Comfort Pro neutral design for stand (expandable, flange at the bottom) (6AV2128-3MB57-1BX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm (expandable, round tube) and extensio (6AV2128-3MB57-0BX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm (not extendable, flange on top) (6AV2128-3MB57-0AX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP1200 Unified Comfort Panel (6AV2128-3MB06-0AX1) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP1200 Unified Comfort Panel hygienic (6AV2128-3MB40-0AX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP1200 Unified Comfort Panel hygienic neutral design (6AV2128-3MB70-0AX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP1200 Unified Comfort Panel neutral design (6AV2128-3MB36-0AX1) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP1500 Comfort Pro for stand (expandable, flange at the bottom) (6AV2128-3QB27-1BX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP1500 Comfort Pro for support arm (expandable, round tube) and extension unit (6AV2128-3QB27-0BX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP1500 Comfort Pro for support arm (not extendable, flange on top) (6AV2128-3QB27-0AX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP1500 Comfort Pro neutral design for stand (expandable, flange at the bottom) (6AV2128-3QB57-1BX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm (expandable, round tube) and extensio (6AV2128-3QB57-0BX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm (not extendable, flange on top) (6AV2128-3QB57-0AX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP1500 Unified Comfort Panel (6AV2128-3QB06-0AX1) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP1500 Unified Comfort Panel hygienic (6AV2128-3QB40-0AX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP1500 Unified Comfort Panel hygienic neutral design (6AV2128-3QB70-0AX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP1500 Unified Comfort Panel neutral design (6AV2128-3QB36-0AX1) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP1900 Comfort Pro for stand (expandable, flange at the bottom) (6AV2128-3UB27-1BX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP1900 Comfort Pro for support arm (expandable, round tube) and extension unit (6AV2128-3UB27-0BX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP1900 Comfort Pro for support arm (not extendable, flange on top) (6AV2128-3UB27-0AX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP1900 Comfort Pro neutral design for stand (expandable, flange at the bottom) (6AV2128-3UB57-1BX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm (expandable, round tube) and extensio (6AV2128-3UB57-0BX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm (not extendable, flange on top) (6AV2128-3UB57-0AX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP1900 Unified Comfort Panel (6AV2128-3UB06-0AX1) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP1900 Unified Comfort Panel hygienic (6AV2128-3UB40-0AX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP1900 Unified Comfort Panel hygienic neutral design (6AV2128-3UB70-0AX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP1900 Unified Comfort Panel neutral design (6AV2128-3UB36-0AX1) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP2200 Comfort Pro for stand (expandable, flange at the bottom) (6AV2128-3XB27-1BX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP2200 Comfort Pro for support arm (expandable, round tube) and extension unit (6AV2128-3XB27-0BX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP2200 Comfort Pro for support arm (not extendable, flange on top) (6AV2128-3XB27-0AX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP2200 Comfort Pro neutral design for stand (expandable, flange at the bottom) (6AV2128-3XB57-1BX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm (expandable, round tube) and extensio (6AV2128-3XB57-0BX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm (not extendable, flange on top) (6AV2128-3XB57-0AX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP2200 Unified Comfort Hygienic (6AV2128-3XB40-0AX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP2200 Unified Comfort Hygienic neutral design (6AV2128-3XB70-0AX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP2200 Unified Comfort Panel (6AV2128-3XB06-0AX1) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP2200 Unified Comfort Panel neutral design (6AV2128-3XB36-0AX1) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP700 Unified Comfort Panel (6AV2128-3GB06-0AX1) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP700 Unified Comfort Panel hygienic neutral design (6AV2128-3GB40-0AX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP700 Unified Comfort Panel hygienic neutral design (6AV2128-3GB70-0AX0) vers:intdot/<21 (CVE-2026-27662) SIMATIC HMI MTP700, Unified Comfort Panel neutral design (6AV2128-3GB36-0AX1) vers:intdot/<21 (CVE-2026-27662) SIPLUS HMI MTP1000 Unified Comfort (6AG1128-3KB06-4AX1) vers:intdot/<21 (CVE-2026-27662) SIPLUS HMI MTP1200 Unified Comfort (6AG1128-3MB06-4AX1) vers:intdot/<21 (CVE-2026-27662) SIPLUS HMI MTP700 Unified Comfort (6AG1128-3GB06-4AX1) vers:intdot/<21 (CVE-2026-27662) CVSS Vendor Equipment Vulnerabilities v3 7.7 Siemens Siemens SIMATIC Initialization of a Resource with an Insecure Default Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Germany Vulnerabilities Expand All + CVE-2026-27662 Affected devices do not properly restrict access to the web browser via the Control Panel when no corresponding security mechanisms are in place. This could allow an unauthenticated attacker to gain unauthorized access to the web browser, potentially enabling the discovery of backdoors, performing unauthorized actions, or exploiting misconfigurations that may lead to further system compromise. View CVE Details Affected Products Siemens SIMATIC Vendor:Siemens Product Version:SIMATIC HMI MTP1000 Unified Comfort Panel (6AV2128-3KB06-0AX1), SIMATIC HMI MTP1000 Unified Comfort Panel hygienic (6AV2128-3KB40-0AX0),

Indicators of Compromise

  • cve — CVE-2026-27662

Entities

Siemens (vendor)SIMATIC HMI Unified Comfort Panels (MTP1000, MTP1200, MTP1500, MTP1900) (product)Industrial Control Systems (ICS) (technology)