Denial of Service Vulnerability in TIA Project-Server and TIA Portal by Siemens
CVE-2025-27127

5.3MEDIUM

Key Information:

Vendor: Siemens
Status: Tia Project-server; Tia Project-server V17; Totally Integrated Automation Portal (tia Portal) V17; Totally Integrated Automation Portal (tia Portal) V18
Vendor: CVE Published:; 8 July 2025

What is CVE-2025-27127?

A documented vulnerability in Siemens TIA Project-Server and TIA Portal allows an attacker with contributor privileges to exploit how uploaded projects are handled in the document root. By uploading a malicious project, the attacker can trigger a denial of service, impacting system availability. Affected versions span multiple releases of TIA Portal and TIA Project-Server before specific updates are applied, necessitating immediate attention and remediation from users.

Affected Version(s)

TIA Project-Server 0

TIA Project-Server V17 0

Totally Integrated Automation Portal (TIA Portal) V17 0

References

https://cert-portal.siemens.com/productcert/html/ssa-4604...

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Feb 19, 2025