PatchSiren

CVE-2026-27662 Cert Portal CVE debrief

CVE-2026-27662 is a high-severity access-control weakness affecting multiple Siemens SIMATIC HMI panel models. When the required security mechanisms are not in place, an attacker may gain unauthorized access to the web browser through the Control Panel, which can expose backdoors, enable unauthorized actions, or reveal misconfigurations that increase the risk of further compromise.

Vendor
Cert Portal
Product
  • Siemens SIMATIC HMI MTP1000 Unified Comfort Panel (6AV2128-3KB06-0AX1) vers:intdot/<21
  • SIMATIC HMI MTP1000 Unified Comfort Panel hygienic (6AV2128-3KB40-0AX0)
  • SIMATIC HMI MTP1000 Unified Comfort Panel hygienic neutral design (6AV2128-3KB70-0AX0)
  • SIMATIC HMI MTP1000, Unified Comfort Panel neutral (6AV2128-3KB36-0AX1)
  • SIMATIC HMI MTP1200 Comfort Pro for stand (expandable, flange at the bottom) (6AV2128-3MB27-1BX0)
  • SIMATIC HMI MTP1200 Comfort Pro for support arm (expandable, round tube) and extension unit (6AV2128-3MB27-0BX0)
  • SIMATIC HMI MTP1200 Comfort Pro for support arm (not extendable, flange on top) (6AV2128-3MB27-0AX0)
  • SIMATIC HMI MTP1200 Comfort Pro neutral design for stand (expandable, flange at the bottom) (6AV2128-3MB57-1BX0)
  • SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm (expandable, round tube) and extensio (6AV2128-3MB57-0BX0)
  • SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm (not extendable, flange on top) (6AV2128-3MB57-0AX0)
  • SIMATIC HMI MTP1200 Unified Comfort Panel (6AV2128-3MB06-0AX1)
  • SIMATIC HMI MTP1200 Unified Comfort Panel hygienic (6AV2128-3MB40-0AX0)
  • SIMATIC HMI MTP1200 Unified Comfort Panel hygienic neutral design (6AV2128-3MB70-0AX0)
  • SIMATIC HMI MTP1200 Unified Comfort Panel neutral design (6AV2128-3MB36-0AX1)
  • SIMATIC HMI MTP1500 Comfort Pro for stand (expandable, flange at the bottom) (6AV2128-3QB27-1BX0)
  • SIMATIC HMI MTP1500 Comfort Pro for support arm (expandable, round tube) and extension unit (6AV2128-3QB27-0BX0)
  • SIMATIC HMI MTP1500 Comfort Pro for support arm (not extendable, flange on top) (6AV2128-3QB27-0AX0)
  • SIMATIC HMI MTP1500 Comfort Pro neutral design for stand (expandable, flange at the bottom) (6AV2128-3QB57-1BX0)
  • SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm (expandable, round tube) and extensio (6AV2128-3QB57-0BX0)
  • SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm (not extendable, flange on top) (6AV2128-3QB57-0AX0)
  • SIMATIC HMI MTP1500 Unified Comfort Panel (6AV2128-3QB06-0AX1)
  • SIMATIC HMI MTP1500 Unified Comfort Panel hygienic (6AV2128-3QB40-0AX0)
  • SIMATIC HMI MTP1500 Unified Comfort Panel hygienic neutral design (6AV2128-3QB70-0AX0)
  • SIMATIC HMI MTP1500 Unified Comfort Panel neutral design (6AV2128-3QB36-0AX1)
  • SIMATIC HMI MTP1900 Comfort Pro for stand (expandable, flange at the bottom) (6AV2128-3UB27-1BX0)
  • SIMATIC HMI MTP1900 Comfort Pro for support arm (expandable, round tube) and extension unit (6AV2128-3UB27-0BX0)
  • SIMATIC HMI MTP1900 Comfort Pro for support arm (not extendable, flange on top) (6AV2128-3UB27-0AX0)
  • SIMATIC HMI MTP1900 Comfort Pro neutral design for stand (expandable, flange at the bottom) (6AV2128-3UB57-1BX0)
  • SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm (expandable, round tube) and extensio (6AV2128-3UB57-0BX0)
  • SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm (not extendable, flange on top) (6AV2128-3UB57-0AX0)
  • SIMATIC HMI MTP1900 Unified Comfort Panel (6AV2128-3UB06-0AX1)
  • SIMATIC HMI MTP1900 Unified Comfort Panel hygienic (6AV2128-3UB40-0AX0)
  • SIMATIC HMI MTP1900 Unified Comfort Panel hygienic neutral design (6AV2128-3UB70-0AX0)
  • SIMATIC HMI MTP1900 Unified Comfort Panel neutral design (6AV2128-3UB36-0AX1)
  • SIMATIC HMI MTP2200 Comfort Pro for stand (expandable, flange at the bottom) (6AV2128-3XB27-1BX0)
  • SIMATIC HMI MTP2200 Comfort Pro for support arm (expandable, round tube) and extension unit (6AV2128-3XB27-0BX0)
  • SIMATIC HMI MTP2200 Comfort Pro for support arm (not extendable, flange on top) (6AV2128-3XB27-0AX0)
  • SIMATIC HMI MTP2200 Comfort Pro neutral design for stand (expandable, flange at the bottom) (6AV2128-3XB57-1BX0)
  • SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm (expandable, round tube) and extensio (6AV2128-3XB57-0BX0)
  • SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm (not extendable, flange on top) (6AV2128-3XB57-0AX0)
  • SIMATIC HMI MTP2200 Unified Comfort Hygienic (6AV2128-3XB40-0AX0)
  • SIMATIC HMI MTP2200 Unified Comfort Hygienic neutral design (6AV2128-3XB70-0AX0)
  • SIMATIC HMI MTP2200 Unified Comfort Panel (6AV2128-3XB06-0AX1)
  • SIMATIC HMI MTP2200 Unified Comfort Panel neutral design (6AV2128-3XB36-0AX1)
  • SIMATIC HMI MTP700 Unified Comfort Panel (6AV2128-3GB06-0AX1)
  • SIMATIC HMI MTP700 Unified Comfort Panel hygienic neutral design (6AV2128-3GB40-0AX0)
  • SIMATIC HMI MTP700 Unified Comfort Panel hygienic neutral design (6AV2128-3GB70-0AX0)
  • SIMATIC HMI MTP700, Unified Comfort Panel neutral design (6AV2128-3GB36-0AX1)
  • SIPLUS HMI MTP1000 Unified Comfort (6AG1128-3KB06-4AX1)
  • SIPLUS HMI MTP1200 Unified Comfort (6AG1128-3MB06-4AX1)
  • SIPLUS HMI MTP700 Unified Comfort (6AG1128-3GB06-4AX1)
CVSS
HIGH 7.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-12
Original CVE updated
2026-05-14
Advisory published
2026-05-12
Advisory updated
2026-05-14

Who should care

OT/ICS operators using the affected Siemens SIMATIC HMI MTP and SIPLUS panel families, plus engineering, maintenance, and security teams responsible for HMI hardening, access protection, and version management.

Technical summary

The supplied advisory corpus says the affected devices do not properly restrict access to the web browser via the Control Panel when corresponding security mechanisms are absent. The impact described is unauthorized browser access with possible discovery of backdoors, unauthorized actions, or exploitation of misconfigurations. The source CVSS vector is CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H, and the corpus does not further explain the exact access path beyond the Control Panel exposure described by Siemens and CISA.

Defensive priority

High — prioritize where affected HMIs are deployed and Control Panel access protection is not enabled.

Recommended defensive actions

  • Update affected devices to V21 or later, as recommended by Siemens.
  • Follow the Siemens security guidelines cited in the advisory, especially section 3.2 'Ending HMI runtime', section 3.4.1 'Enable access protection for the Control Panel', and section 3.4.2 'Changing runtime autostart'.
  • Disable the taskbar where appropriate via Control Panel > System Properties > Taskbar, per the advisory mitigation guidance.
  • Validate that deployed panels cannot reach the web browser through the Control Panel without the intended security protections in place before returning systems to service.
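
One way to turn these actions into a work queue is to triage an asset inventory against the advisory's order numbers and the "vers:intdot/<21" range, putting panels without Control Panel access protection first. This is an added example, not part of the advisory: the CSV column names, asset names and status labels are hypothetical, the inventory rows are constructed, and the order-number set is only a three-entry subset of the list on this page.

```python
import csv
import io
import re

FIXED = (21,)  # page: affected range "vers:intdot/<21", fixed in V21 or later

# Subset of the order numbers listed on this page, for illustration only;
# load the complete list from the advisory in real use.
AFFECTED_SAMPLE = {"6AV2128-3KB06-0AX1", "6AV2128-3MB27-1BX0", "6AG1128-3GB06-4AX1"}

# Constructed inventory export; column names and assets are hypothetical.
INVENTORY_CSV = """asset,order_no,firmware,cp_access_protection
line1-hmi,6AV2128-3KB06-0AX1,V19.0.0.3,no
line2-hmi,6AV2128-3MB27-1BX0,V20.0.1,yes
lab-hmi,6AG1128-3GB06-4AX1,V21.0.0,no
other-hmi,0XX0000-0XX00-0XX0,V17.0.0,no
bad-hmi,6AV2128-3KB06-0AX1,unknown,yes
"""


def parse_intdot(text):
    """Parse 'V20.0.1' or '20.0.1' into (20, 0, 1); None if not dotted integers."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def triage(row, affected):
    if row["order_no"].strip().upper() not in affected:
        return "not-listed"
    version = parse_intdot(row["firmware"])
    if version is None:
        return "verify-version"      # fail closed: listed model, unknown firmware
    if version >= FIXED:
        return "fixed"
    if row["cp_access_protection"].strip().lower() != "yes":
        return "update-first"        # affected and Control Panel unprotected
    return "update"                  # affected; protection is only a mitigation


def triage_inventory(text, affected=AFFECTED_SAMPLE):
    reader = csv.DictReader(io.StringIO(text))
    return {row["asset"]: triage(row, affected) for row in reader}


if __name__ == "__main__":
    for asset, status in triage_inventory(INVENTORY_CSV).items():
        print(f"{asset:10} {status}")
```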

Evidence notes

The source item is CISA CSAF ICSA-26-134-07, initial publication 2026-05-12 and CISA republication on 2026-05-14, republishing Siemens ProductCERT advisory SSA-387223. The supplied corpus lists many affected models, including SIMATIC HMI MTP1000/1200/1500/1900/2200/700 Unified Comfort variants, Comfort Pro variants, and SIPLUS HMI MTP1000/1200/700 Unified Comfort models. The advisory remediations include updating to V21 or later and applying Siemens access-protection guidance for the Control Panel. No KEV entry is supplied in the enrichment. The description says 'unauthenticated attacker', while the supplied CVSS vector is AV:L; the corpus does not fully resolve that access-condition detail.

Official resources

Publicly disclosed on 2026-05-12 in CISA CSAF ICSA-26-134-07, with a CISA republication of Siemens ProductCERT SSA-387223 on 2026-05-14.