CNNVD-202507-918 Information
CNNVD ID
CNNVD-202507-918
Related CVE
- CNNVD Published: 2025-07-08
Description (Chinese)
Siemens TIA Administrator是德国西门子(Siemens)公司的一款用于授权和许可SIMATIC产品的管理程序。 Siemens TIA Administrator 3.0.6之前版本存在访问控制错误漏洞,该漏洞源于低权限用户可通过覆盖缓存文件和修改下载路径触发安装,可能导致权限提升和任意代码执行。
Description (English)
Siemens TIA Administrator is a German company, Siemens, which administers and licenses SIMATIC products. There was a bug in access control before Siemens TIA Administrator 3.6, which originated from a low-permit user who could trigger the installation by overriding the cache file and modifying the download path, which could lead to a power upgrade and any code execution.
Hazard Level
Medium
Vulnerability Type
访问控制错误
Affected Vendor
西门子
Published
2025-07-08
Last Modified
2026-02-24
References
https://cert-portal.siemens.com/productcert/html/ssa-573669.html https://nvd.nist.gov/vuln/detail/CVE-2025-23365
Patch
https://support.industry.siemens.com/cs/document/109825038/tia-administrator-updates?dti=0&lc=en-WW
Share on: