CVE-2025-27127

EPSS 0.06%
Veröffentlicht 08.07.2025 10:34:31
Zuletzt bearbeitet 12.08.2025 12:15:34
Quelle productcert@siemens.com
Teams Watchlist Login
Unerledigt Login

A vulnerability has been identified in TIA Project-Server (All versions < V2.1.1), TIA Project-Server V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 4), Totally Integrated Automation Portal (TIA Portal) V20 (All versions < V20 Update 3). The affected application improperly handles uploaded projects in the document root. This could allow an attacker with contributor privileges to cause denial of service by uploading a malicious project.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerSiemens

≫

Produkt TIA Project-Server

Default Statusunknown

Version < V2.1.1

Version 0

Status affected

HerstellerSiemens

≫

Produkt TIA Project-Server V17

Default Statusunknown

Version < *

Version 0

Status affected

HerstellerSiemens

≫

Produkt Totally Integrated Automation Portal (TIA Portal) V17

Default Statusunknown

Version < *

Version 0

Status affected

HerstellerSiemens

≫

Produkt Totally Integrated Automation Portal (TIA Portal) V18

Default Statusunknown

Version < *

Version 0

Status affected

HerstellerSiemens

≫

Produkt Totally Integrated Automation Portal (TIA Portal) V19

Default Statusunknown

Version < V19 Update 4

Version 0

Status affected

HerstellerSiemens

≫

Produkt Totally Integrated Automation Portal (TIA Portal) V20

Default Statusunknown

Version < V20 Update 3

Version 0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.179

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
productcert@siemens.com	5.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
productcert@siemens.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://cert-portal.siemens.com/productcert/html/ssa-460466.html

https://nvd.nist.gov/vuln/detail/CVE-2025-27127

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-27127

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-27127

EUVD