5.3

CVE-2025-27127

A vulnerability has been identified in TIA Project-Server (All versions < V2.1.1), TIA Project-Server V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 4), Totally Integrated Automation Portal (TIA Portal) V20 (All versions < V20 Update 3). The affected application improperly handles uploaded projects in the document root. This could allow an attacker with contributor privileges to cause denial of service by uploading a malicious project.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).

Vendor: Siemens
Product: TIA Project-Server
Default status: unknown
Version: 0
Version: < V2.1.1
Status: affected

Vendor: Siemens
Product: TIA Project-Server V17
Default status: unknown
Version: 0
Version: < *
Status: affected

Vendor: Siemens
Product: Totally Integrated Automation Portal (TIA Portal) V17
Default status: unknown
Version: 0
Version: < *
Status: affected

Vendor: Siemens
Product: Totally Integrated Automation Portal (TIA Portal) V18
Default status: unknown
Version: 0
Version: < *
Status: affected

Vendor: Siemens
Product: Totally Integrated Automation Portal (TIA Portal) V19
Default status: unknown
Version: 0
Version: < V19 Update 4
Status: affected

Vendor: Siemens
Product: Totally Integrated Automation Portal (TIA Portal) V20
Default status: unknown
Version: 0
Version: < V20 Update 3
Status: affected
No warning was found for this CVE.

EPSS metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.27% | 0.508

CVSS metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
productcert@siemens.com | 5.3 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
productcert@siemens.com | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.