Access Control Vulnerability in Tecnomatix Plant Simulation by Siemens
CVE-2025-25266

7HIGH

Key Information:

Vendor: Siemens
Status: Tecnomatix Plant Simulation V2302; Tecnomatix Plant Simulation V2404
Vendor: CVE Published:; 11 March 2025

What is CVE-2025-25266?

A vulnerability has been identified in Tecnomatix Plant Simulation that can allow unauthorized attackers to gain access to file deletion functions. This misconfiguration may enable these attackers to delete files despite restricted access permissions, potentially leading to significant data loss or unauthorized changes to critical system files. Organizations using vulnerable versions of Tecnomatix Plant Simulation must address this issue to prevent possible data integrity breaches.

Affected Version(s)

Tecnomatix Plant Simulation V2302 0

Tecnomatix Plant Simulation V2404 0

References

https://cert-portal.siemens.com/productcert/html/ssa-5076...

CVSS V4

Score:

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 11, 2025
Vulnerability Reserved
Feb 6, 2025