[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fGbO3n2Np0IOLWyux-gJiFlXuuwZL8f2fffmLXZlK8wc":3},{"article":4,"iocs":37},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":27,"category":28,"article_tags":31},"1f807db1-a6bb-4fcf-aacd-1ecab22d9b51","Siemens SIMATIC","siemens-simatic-586078","View CSAF Summary SIMATIC HMI Unified Comfort Panels before V21.0 are affected by a vulnerability that allows an unauthenticated attacker to access the web browser via the help link. This vulnerability allows an attacker to access the web browser through the Control Panel if it is not protected by the corresponding security mechanisms. This opens the possibility for the attacker to find backdoors, which might lead to unwanted misconfigurations. Siemens has released new versions for the affected products and recommends to update to the latest versions. The following versions of Siemens SIMATIC are affected: SIMATIC HMI MTP1000 Unified Comfort Panel (6AV2128-3KB06-0AX1) vers:intdot\u002F System Properties > Taskbar. Vendor fix Update to V21 or later version https:\u002F\u002Fsupport.industry.siemens.com\u002Fcs\u002Fww\u002Fen\u002Fview\u002F109825605\u002F Relevant CWE: CWE-1188 Initialization of a Resource with an Insecure Default Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.7 HIGH CVSS:3.1\u002FAV:L\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:H\u002FA:H Acknowledgments Siemens ProductCERT reported this vulnerability to CISA. General Recommendations As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https:\u002F\u002Fwww.siemens.com\u002Fcert\u002Foperational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https:\u002F\u002Fwww.siemens.com\u002Findustrialsecurity Additional Resources For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https:\u002F\u002Fwww.siemens.com\u002Fcert\u002Fadvisories Terms of Use The use of Siemens Security Advisories is subject to the terms and conditions listed on: https:\u002F\u002Fwww.siemens.com\u002Fproductcert\u002Fterms-of-use. Legal Notice and Terms of Use This product is provided subject to this Notification (https:\u002F\u002Fwww.cisa.gov\u002Fnotification) and this Privacy & Use policy (https:\u002F\u002Fwww.cisa.gov\u002Fprivacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities. Minimize network exposure for all control system devices and\u002For systems, and ensure they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolate them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. Advisory Conversion Disclaimer This ICSA is a verbatim republication of Siemens ProductCERT SSA-387223 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory. Revision History Initial Release Date: 2026-05-12 Date Revision Summary 2026-05-12 1 Publication Date 2026-05-14 2 Initial CISA Republication of Siemens ProductCERT SSA-387223 advisory Legal Notice and Terms of Use","A vulnerability (CVE-2026-27662) in Siemens SIMATIC HMI Unified Comfort Panels before version V21.0 allows unauthenticated attackers to access the web browser through the Control Panel's help link, potentially enabling malicious reconfigurations. The vulnerability affects multiple panel models including MTP1000, MTP1200, MTP1500, and MTP1900 series. Siemens has released patches and recommends immediate updates to V21 or later, with CISA recommending network isolation and defensive measures for affected industrial control systems.","Siemens SIMATIC HMI Unified Comfort Panels before V21.0 vulnerable to unauthenticated web browser access via help link.","ICS Advisory Siemens SIMATIC Release DateMay 14, 2026 Alert CodeICSA-26-134-07 Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems View CSAF Summary SIMATIC HMI Unified Comfort Panels before V21.0 are affected by a vulnerability that allows an unauthenticated attacker to access the web browser via the help link. This vulnerability allows an attacker to access the web browser through the Control Panel if it is not protected by the corresponding security mechanisms. This opens the possibility for the attacker to find backdoors, which might lead to unwanted misconfigurations. Siemens has released new versions for the affected products and recommends to update to the latest versions. The following versions of Siemens SIMATIC are affected: SIMATIC HMI MTP1000 Unified Comfort Panel (6AV2128-3KB06-0AX1) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP1000 Unified Comfort Panel hygienic (6AV2128-3KB40-0AX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP1000 Unified Comfort Panel hygienic neutral design (6AV2128-3KB70-0AX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP1000, Unified Comfort Panel neutral (6AV2128-3KB36-0AX1) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP1200 Comfort Pro for stand (expandable, flange at the bottom) (6AV2128-3MB27-1BX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP1200 Comfort Pro for support arm (expandable, round tube) and extension unit (6AV2128-3MB27-0BX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP1200 Comfort Pro for support arm (not extendable, flange on top) (6AV2128-3MB27-0AX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP1200 Comfort Pro neutral design for stand (expandable, flange at the bottom) (6AV2128-3MB57-1BX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm (expandable, round tube) and extensio (6AV2128-3MB57-0BX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm (not extendable, flange on top) (6AV2128-3MB57-0AX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP1200 Unified Comfort Panel (6AV2128-3MB06-0AX1) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP1200 Unified Comfort Panel hygienic (6AV2128-3MB40-0AX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP1200 Unified Comfort Panel hygienic neutral design (6AV2128-3MB70-0AX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP1200 Unified Comfort Panel neutral design (6AV2128-3MB36-0AX1) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP1500 Comfort Pro for stand (expandable, flange at the bottom) (6AV2128-3QB27-1BX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP1500 Comfort Pro for support arm (expandable, round tube) and extension unit (6AV2128-3QB27-0BX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP1500 Comfort Pro for support arm (not extendable, flange on top) (6AV2128-3QB27-0AX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP1500 Comfort Pro neutral design for stand (expandable, flange at the bottom) (6AV2128-3QB57-1BX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm (expandable, round tube) and extensio (6AV2128-3QB57-0BX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm (not extendable, flange on top) (6AV2128-3QB57-0AX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP1500 Unified Comfort Panel (6AV2128-3QB06-0AX1) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP1500 Unified Comfort Panel hygienic (6AV2128-3QB40-0AX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP1500 Unified Comfort Panel hygienic neutral design (6AV2128-3QB70-0AX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP1500 Unified Comfort Panel neutral design (6AV2128-3QB36-0AX1) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP1900 Comfort Pro for stand (expandable, flange at the bottom) (6AV2128-3UB27-1BX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP1900 Comfort Pro for support arm (expandable, round tube) and extension unit (6AV2128-3UB27-0BX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP1900 Comfort Pro for support arm (not extendable, flange on top) (6AV2128-3UB27-0AX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP1900 Comfort Pro neutral design for stand (expandable, flange at the bottom) (6AV2128-3UB57-1BX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm (expandable, round tube) and extensio (6AV2128-3UB57-0BX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm (not extendable, flange on top) (6AV2128-3UB57-0AX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP1900 Unified Comfort Panel (6AV2128-3UB06-0AX1) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP1900 Unified Comfort Panel hygienic (6AV2128-3UB40-0AX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP1900 Unified Comfort Panel hygienic neutral design (6AV2128-3UB70-0AX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP1900 Unified Comfort Panel neutral design (6AV2128-3UB36-0AX1) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP2200 Comfort Pro for stand (expandable, flange at the bottom) (6AV2128-3XB27-1BX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP2200 Comfort Pro for support arm (expandable, round tube) and extension unit (6AV2128-3XB27-0BX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP2200 Comfort Pro for support arm (not extendable, flange on top) (6AV2128-3XB27-0AX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP2200 Comfort Pro neutral design for stand (expandable, flange at the bottom) (6AV2128-3XB57-1BX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm (expandable, round tube) and extensio (6AV2128-3XB57-0BX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm (not extendable, flange on top) (6AV2128-3XB57-0AX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP2200 Unified Comfort Hygienic (6AV2128-3XB40-0AX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP2200 Unified Comfort Hygienic neutral design (6AV2128-3XB70-0AX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP2200 Unified Comfort Panel (6AV2128-3XB06-0AX1) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP2200 Unified Comfort Panel neutral design (6AV2128-3XB36-0AX1) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP700 Unified Comfort Panel (6AV2128-3GB06-0AX1) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP700 Unified Comfort Panel hygienic neutral design (6AV2128-3GB40-0AX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP700 Unified Comfort Panel hygienic neutral design (6AV2128-3GB70-0AX0) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIMATIC HMI MTP700, Unified Comfort Panel neutral design (6AV2128-3GB36-0AX1) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIPLUS HMI MTP1000 Unified Comfort (6AG1128-3KB06-4AX1) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIPLUS HMI MTP1200 Unified Comfort (6AG1128-3MB06-4AX1) vers:intdot\u002F\u003C21 (CVE-2026-27662) SIPLUS HMI MTP700 Unified Comfort (6AG1128-3GB06-4AX1) vers:intdot\u002F\u003C21 (CVE-2026-27662) CVSS Vendor Equipment Vulnerabilities v3 7.7 Siemens Siemens SIMATIC Initialization of a Resource with an Insecure Default Background Critical Infrastructure Sectors: Critical Manufacturing Countries\u002FAreas Deployed: Worldwide Company Headquarters Location: Germany Vulnerabilities Expand All + CVE-2026-27662 Affected devices do not properly restrict access to the web browser via the Control Panel when no corresponding security mechanisms are in place. This could allow an unauthenticated attacker to gain unauthorized access to the web browser, potentially enabling the discovery of backdoors, performing unauthorized actions, or exploiting misconfigurations that may lead to further system compromise. View CVE Details Affected Products Siemens SIMATIC Vendor:Siemens Product Version:SIMATIC HMI MTP1000 Unified Comfort Panel (6AV2128-3KB06-0AX1), SIMATIC HMI MTP1000 Unified Comfort Panel hygienic (6AV2128-3KB40-0AX0), ","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-134-07",null,"2026-05-14T12:00:00+00:00","2026-05-14T16:00:43.932609+00:00",9,[18,21,24],{"name":19,"type":20},"Siemens","vendor",{"name":22,"type":23},"SIMATIC HMI Unified Comfort Panels (MTP1000, MTP1200, MTP1500, MTP1900)","product",{"name":25,"type":26},"Industrial Control Systems (ICS)","technology","80544778-fabb-4dcd-aa35-17492e5dcf4f",{"id":27,"icon":13,"name":29,"slug":30},"Vulnerabilities","vulnerabilities",[32],{"category":33},{"id":34,"icon":13,"name":35,"slug":36},"d6f63bb8-0801-486a-be7f-171400700454","IoT\u002FOT","iot-ot",[38],{"type":39,"value":40,"context":41},"cve","CVE-2026-27662","Unauthenticated web browser access vulnerability in Siemens SIMATIC HMI Unified Comfort Panels"]