Siemens and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a joint advisory on May 12, 2026, revealing a critical vulnerability in Siemens gPROMS Web Applications Publisher (gWAP). Tracked as CVE-2026-40175, the flaw stems from an insecure implementation of the Axios HTTP client library and carries a CVSS v4.0 score of 9.8—leaving unpatched systems wide open to remote code execution (RCE).
Siemens gPROMS Web Publisher, part of the gPROMS Process digital twin platform, allows engineers to deploy simulation models as interactive web applications. These applications are heavily used in oil and gas, chemical, pharmaceutical, and power generation sectors to monitor and optimize critical processes. A compromise here could let attackers manipulate live plant data or trigger unsafe operating conditions.
What Is CVE-2026-40175?
CVE-2026-40175 is a deserialization of untrusted data vulnerability triggered through Axios request handling. gWAP versions before 3.1.1 accept serialized JavaScript objects within certain API calls without sufficient validation. An attacker can craft a malicious HTTP request containing a poisoned serialized payload. When Axios processes the response, the insecure deserialization routine executes arbitrary code on the Windows server hosting gWAP.
The flaw exists in the gwap-axios-bridge middleware component. Starting from version 2.8.0, Siemens introduced an Axios-based communication layer to improve performance when fetching model outputs. However, the bridge module reused a legacy deserialization function that did not strip out dangerous class references. This allowed an attacker to achieve what security researchers call a “gadget chain” exploit—stringing together harmless-looking objects to ultimately invoke system commands.
Affected Products and Versions
- Siemens gPROMS Web Applications Publisher (gWAP): All versions prior to 3.1.1
- Siemens gPROMS Server (optional component): Version 6.0.0 to 6.0.5 when gWAP is installed
- Siemens XHQ Operations Intelligence (if integrated with gWAP): Versions 5.3.x
Siemens confirmed that gPROMS Digital Process Twin and gPROMS FormulatedProducts are not directly vulnerable, but customers who use gWAP to publish models from these suites are exposed.
Technical Deep Dive
The vulnerability lies in how the gwap-axios-bridge deserializes data coming from the gPROMS server backend. After a user publishes a model via gWAP, the web application calls a REST API endpoint /api/v1/model/simulation/result using Axios. The server responds with a JSON object that includes a data field containing a base64-encoded, serialized JavaScript object representing the simulation output.
In older versions, the bridge module used eval() to deserialize the object, based on an outdated pattern from early Node.js applications. Even though eval() is notoriously dangerous, the code path was buried deep inside a dependency management routine and never caught during earlier security reviews.
Researcher Laura Stanton of Dragos discovered the flaw while analyzing gWAP’s network traffic during a red team engagement. She demonstrated a proof-of-concept exploit that sends a crafted simulation result containing a JavaScript object with a __proto__ pollution payload. This overwrites the prototype of the Axios response handler, allowing execution of arbitrary system commands within the Node.js process, which typically runs with high privileges.
CISA’s advisory notes that public exploit code appeared on GitHub within 48 hours of the disclosure. Threat actors have already been observed scanning for gWAP instances on port 443 using Shodan, with most exposed systems located in the United States, Germany, and Saudi Arabia.
Impact on Industrial Operations
The consequences of successful exploitation go far beyond a typical IT breach. gWAP instances often sit at the intersection of IT and OT networks, providing a bridge to process historians, real-time databases, and even distributed control systems (DCS). An attacker who gains code execution could:
- Steal proprietary process models and intellectual property
- Inject false data into operator displays, leading to wrong decisions
- Alter setpoints or recipes on a connected gPROMS Server
- Move laterally to industrial control system (ICS) components
- Deploy ransomware or wiper malware on Windows servers critical for production scheduling
Given that many gPROMS deployments support safety-critical processes—such as reactor monitoring or flare gas recovery—the risk extends to physical safety. A compromised model could output dangerously erroneous predictions, potentially causing operators to take unsafe actions.
Mitigation and Patching
Siemens released gWAP version 3.1.1 on May 14, 2026, which completely removes the vulnerable deserialization function. The update replaces eval()-based deserialization with a safe JSON parser that validates the schema before processing. Additionally, the Axios bridge now enforces strict content-type checking and drops any responses that contain executable code fragments.
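The eval()-based decoder described in the Technical Deep Dive, placed beside a hardened decoder of the kind the 3.1.1 fix is reported to use (strict JSON, content-type check, schema validation). This is an added illustration, not Siemens code; the wire shape (a data field holding a base64 body) follows the article, while the result field names (runId, converged, outputs) and the sample replies are assumed and constructed.

```javascript
// Added illustration (not Siemens code): the legacy eval() decoder beside a
// hardened one. Wire shape follows the article; the fields inside a simulation
// result (runId, converged, outputs) are assumed for the demo.
const RESULT_SCHEMA = { runId: 'string', converged: 'boolean', outputs: 'object' };
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
// Legacy pattern: whatever the backend (or anyone who can forge its reply)
// sends is executed as JavaScript, not merely parsed.
function legacyDecode(response) {
  const text = Buffer.from(response.data, 'base64').toString('utf8');
  return eval('(' + text + ')');
}
// Hardened pattern: strict content type, strict JSON, no prototype-shaped keys,
// and a closed schema, so the result can only ever be plain data.
function safeDecode(response) {
  const ct = String(response.headers['content-type'] || '').toLowerCase();
  if (!ct.startsWith('application/json')) throw new Error('unexpected content-type: ' + ct);
  if (typeof response.data !== 'string' || !/^[A-Za-z0-9+/]*={0,2}$/.test(response.data)) throw new Error('data field is not base64');
  const text = Buffer.from(response.data, 'base64').toString('utf8');
  const obj = JSON.parse(text, (key, value) => {   // the reviver sees every key
    if (FORBIDDEN_KEYS.has(key)) throw new Error('forbidden key: ' + key);
    return value;
  });
  if (obj === null || typeof obj !== 'object' || Array.isArray(obj)) throw new Error('result must be an object');
  for (const [field, type] of Object.entries(RESULT_SCHEMA)) {
    if (typeof obj[field] !== type) throw new Error(`field ${field} must be ${type}`);
  }
  for (const key of Object.keys(obj)) {
    if (!(key in RESULT_SCHEMA)) throw new Error('unexpected field: ' + key);
  }
  return obj;
}
// Runs a decoder and reports the outcome instead of throwing, for comparison.
function tryDecode(decoder, response) {
  try { return { ok: true, value: decoder(response) }; }
  catch (e) { return { ok: false, error: e.message }; }
}
const encode = (text) => Buffer.from(text, 'utf8').toString('base64');
// Constructed sample replies: an honest JSON result, a JS expression in place of
// JSON (eval() computes 6 * 7, JSON.parse rejects it), and a JSON body with a __proto__ key.
const GOOD = { headers: { 'content-type': 'application/json; charset=utf-8' },
  data: encode(JSON.stringify({ runId: 'run-42', converged: true, outputs: { T_reactor: 351.2 } })) };
const EXPRESSION = { headers: { 'content-type': 'application/json' },
  data: encode('({ runId: "x", converged: true, outputs: { T_reactor: 6 * 7 } })') };
const PROTO_KEY = { headers: { 'content-type': 'application/json' },
  data: encode('{"runId":"x","converged":true,"outputs":{},"__proto__":{"polluted":true}}') };
```

With the legacy decoder the expression reply evaluates and the __proto__ reply changes the decoded object's prototype; the hardened decoder rejects both and accepts only the honest result.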
Siemens Product CERT strongly recommends upgrading immediately. They published knowledge base article SI2026-05-001, which provides step-by-step upgrade instructions. The patch is available through Siemens Software Central or via the gPROMS customer portal.
For organizations that cannot patch right away, Siemens and CISA recommend these temporary workarounds:
- Block external access to gWAP web interfaces on port 443/TCP using a firewall or VPN
- Disable the /api/v1/model/simulation/result endpoint by setting enable_result_api: false in gwap-config.yml
- Restrict access to gWAP to authenticated users only, and enforce multi-factor authentication
- Monitor Windows Event Logs for suspicious child processes spawned by Node.js (Event ID 4688 with parent process node.exe)
CISA advises ICS asset owners to isolate gWAP servers from the internet entirely and to monitor network traffic for indicators of compromise outlined in the advisory (IOCs include a specific User-Agent string and unusual POST requests to /api/v1/model/simulation/result).
The Windows Patching Angle
Because gWAP runs on Windows Server 2019 or 2022, the security bulletin carries an additional Windows-specific concern. Successful RCE grants the attacker the same privileges as the Windows service account under which the Node.js process runs—usually LOCAL SYSTEM or a domain service account. This opens the door to common Windows post-exploitation techniques: dumping LSASS credentials, creating scheduled tasks for persistence, or deploying Cobalt Strike beacons.
Microsoft’s Defender Antivirus and Defender for Endpoint have been updated to detect the known exploit code (detection family Exploit:Win32/CVE-2026-40175). Windows administrators should ensure that their endpoint protection is up to date and that attack surface reduction rules are enabled. Specifically, the rule “Block JavaScript or VBScript from launching downloaded executable content” can stop the initial payload delivery if the attacker tries to drop a secondary malware binary.
Security researcher Jake Williams noted on Twitter that organizations using application allowlisting (e.g., AppLocker or Windows Defender Application Control) can limit the damage by preventing node.exe from spawning cmd.exe or powershell.exe. This is a short-term hardening measure, not a substitute for patching.
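The Event ID 4688 monitoring suggested in the workarounds, worked through as detection logic: flag records in which node.exe (the gWAP process) spawned one of the child processes the article names. This is an added sketch, not from the advisory or Siemens; the record field names mirror the 4688 event fields, the flat export shape is assumed, and the sample records are constructed.

```javascript
// Added detection sketch (not from the advisory): flags 4688 records where
// node.exe spawned cmd.exe, powershell.exe or wscript.exe. Export shape is
// assumed; the records below are constructed.
const GWAP_PARENT = 'node.exe';
const SUSPECT_CHILDREN = new Set(['cmd.exe', 'powershell.exe', 'wscript.exe']);

// 4688 records carry full paths; compare on the file name, case-insensitively.
function baseName(path) { return String(path).split(/[\\/]/).pop().toLowerCase(); }

function isSuspiciousSpawn(ev) {
  return ev.EventID === 4688
    && baseName(ev.ParentProcessName) === GWAP_PARENT
    && SUSPECT_CHILDREN.has(baseName(ev.NewProcessName));
}

// Returns one alert per matching record, keeping the fields a responder needs.
function findSuspiciousSpawns(events) {
  return events.filter(isSuspiciousSpawn).map((ev) => ({
    time: ev.TimeCreated, host: ev.Computer, user: ev.SubjectUserName,
    parent: ev.ParentProcessName, child: ev.NewProcessName, commandLine: ev.CommandLine,
  }));
}

// Constructed sample: a node worker and an operator shell (benign), then two
// shells spawned by the gWAP Node.js process (the pattern the advisory flags).
const SAMPLE_EVENTS = [
  { EventID: 4688, TimeCreated: '2026-05-13T02:10:04Z', Computer: 'GWAP01', SubjectUserName: 'SYSTEM',
    ParentProcessName: 'C:\\gWAP\\node.exe', NewProcessName: 'C:\\gWAP\\node.exe', CommandLine: 'node worker.js' },
  { EventID: 4688, TimeCreated: '2026-05-13T02:11:30Z', Computer: 'GWAP01', SubjectUserName: 'ops.admin',
    ParentProcessName: 'C:\\Windows\\explorer.exe', NewProcessName: 'C:\\Windows\\System32\\cmd.exe', CommandLine: 'cmd.exe' },
  { EventID: 4688, TimeCreated: '2026-05-13T02:12:07Z', Computer: 'GWAP01', SubjectUserName: 'SYSTEM',
    ParentProcessName: 'C:\\gWAP\\node.exe', NewProcessName: 'C:\\Windows\\System32\\cmd.exe', CommandLine: 'cmd.exe /c echo test' },
  { EventID: 4688, TimeCreated: '2026-05-13T02:12:09Z', Computer: 'GWAP01', SubjectUserName: 'SYSTEM',
    ParentProcessName: 'C:\\gWAP\\node.exe', NewProcessName: 'C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', CommandLine: 'powershell.exe -NoProfile' },
];
```

Command-line capture requires process command line auditing to be enabled; without it the CommandLine field is empty and only the parent/child pairing remains.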
Community Reaction and Real-World Risks
Early discussions on the Siemens Industry Online Support forum show a mix of alarm and frustration. Several plant engineers reported that their gWAP servers had been running unpatched for months due to rigid change management procedures. One user, a control systems engineer at a European chemical plant, stated: “Our next maintenance window is in August. We’re running version 2.9.4 and our IT security team just flagged four CISA alerts for this CVE in one hour.”
Dragos’s Laura Stanton emphasized during a SANS ICS webinar that the exploit is trivial to weaponize. “Anyone with basic Node.js knowledge can trigger this vulnerability. The only barrier is network access to the gWAP web interface, and far too many of these are exposed online.” Shodan data confirmed over 1,200 gWAP instances reachable from the internet, with 38% tagged as “production” environments.
CISA’s Known Exploited Vulnerabilities (KEV) catalog added CVE-2026-40175 on May 15, 2026, mandating that U.S. federal agencies patch within 14 days—a clear signal that the agency views this as an active, high-impact threat.
Broader Implications for Industrial Cybersecurity
This incident underscores the risks of connecting web-based interfaces to industrial simulation tools. Digital twin platforms promise efficiency and remote access, but they also enlarge the attack surface. The gWAP Axios flaw is the third major OT-adjacent web application vulnerability disclosed in 2026 alone, following vulnerabilities in AVEVA PI Vision and Emerson DeltaV Web Server.
Industry analysts point to a systemic issue: process simulation tools often fall into a regulatory gap. They are not strictly part of the OT network, yet they directly influence physical processes. As a result, security testing lags behind traditional SCADA and DCS components. The gWAP codebase still contained eval() calls in 2024—a practice considered insecure for almost two decades.
Siemens has committed to a product security overhaul. In a statement accompanying the advisory, the company announced a “Secure by Design” initiative for gPROMS 7.0, which will include mandatory static code analysis, regular penetration testing, and a bug bounty program covering the entire gPROMS suite.
What You Should Do Now
For Windows and OT administrators responsible for gPROMS environments, the message is unequivocal: patch immediately. The available exploit code and active scanning make this a race against attackers. If patching is delayed, implement network isolation and the specific workarounds documented by Siemens.
In the longer term, organizations should reassess the architecture of digital twin deployments. Air-gapping gWAP from the internet is no longer optional; a properly segmented industrial DMZ, rigorous authentication, and continuous monitoring of web application logs are essential controls.
CISA’s advisory also recommends conducting a compromise assessment on any system that had gWAP exposed to the internet before May 14. Indicators of compromise include suspicious Node.js child processes (especially cmd.exe or wscript.exe), new user accounts in the local administrators group, and outbound network connections to known command-and-control IP addresses listed in the advisory.
As digital twins become integral to Industry 4.0 strategies, the security posture of their supporting web applications must evolve. CVE-2026-40175 is a wake-up call—not the last we’ll see in this emerging threat landscape.