PT-2025-32651 · Siemens · Sinamics Starter+2

Published: 2025-08-12 · Updated: 2025-08-12 · CVE-2025-40584

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions:
- SIMOTION SCOUT TIA versions 5.4, 5.5, 5.6 through 5.6 SP1 HF6, and 5.7 through 5.7 SP1 HF0
- SIMOTION SCOUT versions 5.4, 5.5, 5.6 through 5.6 SP1 HF6, and 5.7 through 5.7 SP1 HF0
- SINAMICS STARTER versions 5.5, 5.6, and 5.7

Description: The affected application contains an XML External Entity Injection (XXE) vulnerability while parsing specially crafted XML files. This could allow an attacker to read arbitrary files in the system.

Recommendations:
- SIMOTION SCOUT TIA versions 5.4, 5.5, and 5.6 through 5.6 SP1 HF6: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
- SIMOTION SCOUT TIA version 5.7 through 5.7 SP1 HF0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
- SIMOTION SCOUT versions 5.4, 5.5, and 5.6 through 5.6 SP1 HF6: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
- SIMOTION SCOUT version 5.7 through 5.7 SP1 HF0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
- SINAMICS STARTER versions 5.5, 5.6, and 5.7: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XXE

Weakness Enumeration

Related Identifiers

BDU:2026-00260
CVE-2025-40584

Affected Products

Simotion Scout
Simotion Scout Tia
Sinamics Starter