5.3
CVE-2025-27127
- EPSS 0.06%
- Published 08.07.2025 10:34:31
- Last modified 12.08.2025 12:15:34
- Source productcert@siemens.com
A vulnerability has been identified in TIA Project-Server (All versions < V2.1.1), TIA Project-Server V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 4), Totally Integrated Automation Portal (TIA Portal) V20 (All versions < V20 Update 3). The affected application improperly handles uploaded projects in the document root. This could allow an attacker with contributor privileges to cause denial of service by uploading a malicious project.
Linked by AI from unstructured data to existing CPEs in the NVD
This information is available to logged-in users.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor | Product | Default Status | Version < | Version | Status |
---|---|---|---|---|---|
Siemens | TIA Project-Server | unknown | V2.1.1 | 0 | affected |
Siemens | TIA Project-Server V17 | unknown | * | 0 | affected |
Siemens | Totally Integrated Automation Portal (TIA Portal) V17 | unknown | * | 0 | affected |
Siemens | Totally Integrated Automation Portal (TIA Portal) V18 | unknown | * | 0 | affected |
Siemens | Totally Integrated Automation Portal (TIA Portal) V19 | unknown | V19 Update 4 | 0 | affected |
Siemens | Totally Integrated Automation Portal (TIA Portal) V20 | unknown | V20 Update 3 | 0 | affected |
No CISA KEV entry or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.06% | 0.179 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
productcert@siemens.com | 5.3 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
productcert@siemens.com | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.