The Cybersecurity and Infrastructure Security Agency has published an ICS Advisory titled Siemens SIMATIC (ICSA-26-134-07), released on 14 May 2026. It outlines a vulnerability in SIMATIC HMI Unified Comfort Panels before V21.0 that could allow an unauthenticated attacker to access the web browser via the Control Panel, potentially enabling backdoor discovery or misconfigurations.
The affected products include a wide range of SIMATIC HMI Unified Comfort Panels and related variants, all associated with CVE-2026-27662, which has a CVSS v3 base score of 7.7 (HIGH). Mitigations include complying with Siemens security guidelines and disabling the taskbar; the vendor fix is to update to V21 or a later version. Further details are available through Siemens’ support page. According to Siemens ProductCERT, this advisory is a republication from its CSAF framework, intended to increase visibility. The alert recommends minimising network exposure and following defence‑in‑depth practices to reduce exploitation risk.