Multiple vulnerabilities in Siemens TIA Administrator
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2025-23364 CVE-2025-23365 |
| CWE-ID | CWE-347 CWE-284 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
TIA Administrator (TIA Portal) Server applications / SCADA systems |
| Vendor | Siemens |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Improper Verification of Cryptographic Signature
EUVDB-ID: #VU112900
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-23364
CWE-ID:
CWE-347 - Improper Verification of Cryptographic Signature
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to the lack of proper verification of a cryptographic signature. A local attacker can bypass the check and execute arbitrary code during installations.
MitigationInstall updates from vendor's website.
Vulnerable software versionsTIA Administrator (TIA Portal): before 3.0.6
CPE2.3 External linkshttps://cert-portal.siemens.com/productcert/html/ssa-573669.html
https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-03
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper access control
EUVDB-ID: #VU112901
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-23365
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A local user can overwrite cache files and modify the downloads path, leading to privilege escalation and arbitrary code execution.
MitigationInstall updates from vendor's website.
Vulnerable software versionsTIA Administrator (TIA Portal): before 3.0.6
CPE2.3 External linkshttps://cert-portal.siemens.com/productcert/html/ssa-573669.html
https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-03
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
