CVE-2025-23365

A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application allows low-privileged users to trigger installations by overwriting cache files and modifying the downloads path. This would allow an attacker to escalate privilege and exceute arbitrary code.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/html/ssa-573669.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:siemens:tia_administrator:*:*:*:*:*:*:*:*

History

21 Aug 2025, 15:26

Type	Values Removed	Values Added
First Time		Siemens Siemens tia Administrator
CPE		cpe:2.3:a:siemens:tia_administrator::::::::
References	~~() https://cert-portal.siemens.com/productcert/html/ssa-573669.html -~~	() https://cert-portal.siemens.com/productcert/html/ssa-573669.html - Vendor Advisory

08 Jul 2025, 16:18

Type	Values Removed	Values Added
Summary		(es) Se ha identificado una vulnerabilidad en TIA Administrator (todas las versiones anteriores a la V3.0.6). La aplicación afectada permite a usuarios con pocos privilegios activar instalaciones sobrescribiendo archivos de caché y modificando la ruta de descarga. Esto permitiría a un atacante escalar privilegios y ejecutar código arbitrario.

08 Jul 2025, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-08 11:15

Updated : 2025-08-21 15:26

NVD link : CVE-2025-23365

Mitre link : CVE-2025-23365

CVE.ORG link : CVE-2025-23365

JSON object : View

Products Affected

siemens

tia_administrator

CWE

CWE-284

Improper Access Control

{"id": "CVE-2025-23365", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "productcert@siemens.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-08T11:15:26.860", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-573669.html", "tags": ["Vendor Advisory"], "source": "productcert@siemens.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application allows low-privileged users to trigger installations by overwriting cache files and modifying the downloads path. This would allow an attacker to escalate privilege and exceute arbitrary code."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en TIA Administrator (todas las versiones anteriores a la V3.0.6). La aplicaci\u00f3n afectada permite a usuarios con pocos privilegios activar instalaciones sobrescribiendo archivos de cach\u00e9 y modificando la ruta de descarga. Esto permitir\u00eda a un atacante escalar privilegios y ejecutar c\u00f3digo arbitrario."}], "lastModified": "2025-08-21T15:26:08.277", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:tia_administrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43911B67-89C5-4858-8FD6-06F24E42E102", "versionEndExcluding": "3.0.6"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}