CVE-2026-41125: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Siemens blueplanet 100 NX3 M8
A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions), blueplanet 105 TL3 (All versions), blueplanet 105 TL3 GEN2 (All versions), blueplanet 110 TL3 (All versions), blueplanet 125 NX3 M11 (All versions), blueplanet 125 TL3 (All versions), blueplanet 125 TL3 GEN2 (All versions), blueplanet 137 TL3 (All versions), blueplanet 150 TL3 (All versions), blueplanet 150 TL3 GEN2 (All versions), blueplanet 155 TL3 (All versions), blueplanet 155 TL3 GEN2 (All versions), blueplanet 165 TL3 (All versions), blueplanet 165 TL3 GEN2 (All versions), blueplanet 25.0 NX3-33.0 NX3 (All versions), blueplanet 3.0 NX3-20.0 NX3 (All versions), blueplanet 3.0-5.0 NX1 (All versions), blueplanet 360 NX3 M6 (All versions), blueplanet 50.0 NX3-60.0 NX3 (All versions), blueplanet 87.0 TL3 (All versions), blueplanet 87.0 TL3 GEN2 (All versions), blueplanet 92.0 TL3 (All versions), blueplanet 92.0 TL3 GEN2 (All versions), blueplanet gridsafe 110 TL3-S (All versions), blueplanet gridsafe 137 TL3-S (All versions), blueplanet gridsafe 92.0 TL3-S (All versions), blueplanet hybrid 10.0 TL3 (All versions), blueplanet hybrid 6.0 NH3-12.0 NH3 (All versions). Improper neutralization of special elements used in an sql command ('sql injection') in KACO Meteor server allows an authorized attacker to elevate privileges over a local network.
AI Analysis
Technical Summary
This vulnerability (CVE-2026-41125) involves improper neutralization of special elements used in SQL commands (SQL Injection) within the KACO Meteor server of Siemens blueplanet product lines. It affects all versions of numerous blueplanet models. An authorized attacker on the local network can exploit this flaw to elevate privileges. The CVSS 3.1 vector indicates the attack requires high privileges and high attack complexity, with no user interaction needed. The impact includes limited confidentiality loss but high impact on integrity and availability. Siemens has published the vulnerability but has not provided a remediation level or patch information.
Potential Impact
An authorized attacker on the local network can exploit this SQL Injection vulnerability to elevate privileges, potentially leading to unauthorized modification or disruption of system data and services. Confidentiality impact is low, but integrity and availability impacts are high. No known exploits in the wild have been reported to date.
Mitigation Recommendations
Patch status is not yet confirmed — check the Siemens vendor advisory for current remediation guidance. Since no official fix or remediation level has been published, organizations should monitor Siemens advisories for updates. Restricting access to the affected systems to trusted users and networks may reduce risk until a patch is available.
CVE-2026-41125: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Siemens blueplanet 100 NX3 M8
Description
A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions), blueplanet 105 TL3 (All versions), blueplanet 105 TL3 GEN2 (All versions), blueplanet 110 TL3 (All versions), blueplanet 125 NX3 M11 (All versions), blueplanet 125 TL3 (All versions), blueplanet 125 TL3 GEN2 (All versions), blueplanet 137 TL3 (All versions), blueplanet 150 TL3 (All versions), blueplanet 150 TL3 GEN2 (All versions), blueplanet 155 TL3 (All versions), blueplanet 155 TL3 GEN2 (All versions), blueplanet 165 TL3 (All versions), blueplanet 165 TL3 GEN2 (All versions), blueplanet 25.0 NX3-33.0 NX3 (All versions), blueplanet 3.0 NX3-20.0 NX3 (All versions), blueplanet 3.0-5.0 NX1 (All versions), blueplanet 360 NX3 M6 (All versions), blueplanet 50.0 NX3-60.0 NX3 (All versions), blueplanet 87.0 TL3 (All versions), blueplanet 87.0 TL3 GEN2 (All versions), blueplanet 92.0 TL3 (All versions), blueplanet 92.0 TL3 GEN2 (All versions), blueplanet gridsafe 110 TL3-S (All versions), blueplanet gridsafe 137 TL3-S (All versions), blueplanet gridsafe 92.0 TL3-S (All versions), blueplanet hybrid 10.0 TL3 (All versions), blueplanet hybrid 6.0 NH3-12.0 NH3 (All versions). Improper neutralization of special elements used in an sql command ('sql injection') in KACO Meteor server allows an authorized attacker to elevate privileges over a local network.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2026-41125) involves improper neutralization of special elements used in SQL commands (SQL Injection) within the KACO Meteor server of Siemens blueplanet product lines. It affects all versions of numerous blueplanet models. An authorized attacker on the local network can exploit this flaw to elevate privileges. The CVSS 3.1 vector indicates the attack requires high privileges and high attack complexity, with no user interaction needed. The impact includes limited confidentiality loss but high impact on integrity and availability. Siemens has published the vulnerability but has not provided a remediation level or patch information.
Potential Impact
An authorized attacker on the local network can exploit this SQL Injection vulnerability to elevate privileges, potentially leading to unauthorized modification or disruption of system data and services. Confidentiality impact is low, but integrity and availability impacts are high. No known exploits in the wild have been reported to date.
Mitigation Recommendations
Patch status is not yet confirmed — check the Siemens vendor advisory for current remediation guidance. Since no official fix or remediation level has been published, organizations should monitor Siemens advisories for updates. Restricting access to the affected systems to trusted users and networks may reduce risk until a patch is available.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- siemens
- Date Reserved
- 2026-04-17T11:25:13.214Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a02f11acbff5d8610c13ae3
Added to database: 5/12/2026, 9:21:30 AM
Last enriched: 5/12/2026, 9:37:43 AM
Last updated: 5/13/2026, 4:52:52 AM
Views: 10
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.