CNNVD-202507-919 Information

CNNVD ID

CNNVD-202507-919

CVE-2025-27127

  • CNNVD Published: 2025-07-08

Description

Siemens TIA Project-Server and the other products listed here are products of Siemens, a German company. Siemens TIA Project-Server is a multi-user collaboration tool. Siemens TIA Project-Server V17 is a multi-user collaboration tool. Siemens Totally Integrated Automation Portal is an engineering configuration platform. Multiple Siemens products contain a code issue vulnerability: the application improperly handles uploaded projects in the document root, which could allow an attacker with contributor privileges to upload a malicious project and cause a denial of service. The following products and versions are affected: TIA Project-Server, all versions before V2.1.1; TIA Project-Server V17, all versions; Totally Integrated Automation Portal V17, all versions; Totally Integrated Automation Portal V18, all versions; Totally Integrated Automation Portal V19, all versions; Totally Integrated Automation Portal V20, all versions before V20 Update 3.

Hazard Level

High

Vulnerability Type

Code issue

Affected Vendor

Siemens

Published

2025-07-08

Last Modified

2026-02-24

References

https://cert-portal.siemens.com/productcert/html/ssa-460466.html

https://access.redhat.com/security/cve/cve-2025-27127

Patch

https://support.industry.siemens.com/cs/document/109810588/tia-project-server?lc=en-ww
