Sign-up

ID

VAR-202503-0304


CVE

CVE-2025-25266


TITLE

Siemens'  Tecnomatix Plant Simulation  Vulnerability in externally accessible files or directories in

Trust: 0.8

sources: JVNDB: JVNDB-2025-014753

DESCRIPTION

A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application does not properly restrict access to the file deletion functionality. This could allow an unauthorized attacker to delete files even when access to the system should be prohibited, resulting in potential data loss or unauthorized modification of system files. Siemens' Tecnomatix Plant Simulation Exists in a vulnerability in externally accessible files or directories.Information is tampered with and service operation is interrupted (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2025-25266 // JVNDB: JVNDB-2025-014753

AFFECTED PRODUCTS

vendor:siemensmodel:tecnomatix plant simulationscope:ltversion:2302.0021

Trust: 1.0

vendor:siemensmodel:tecnomatix plant simulationscope:gteversion:2404.0

Trust: 1.0

vendor:siemensmodel:tecnomatix plant simulationscope:gteversion:2302.0

Trust: 1.0

vendor:siemensmodel:tecnomatix plant simulationscope:ltversion:2404.0010

Trust: 1.0

vendor:シーメンスmodel:tecnomatix plant simulationscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:tecnomatix plant simulationscope:eqversion: -

Trust: 0.8

vendor:シーメンスmodel:tecnomatix plant simulationscope:eqversion:2404.0 that's all 2404.0010

Trust: 0.8

vendor:シーメンスmodel:tecnomatix plant simulationscope:eqversion:2302.0 that's all 2302.0021

Trust: 0.8

sources: JVNDB: JVNDB-2025-014753 // NVD: CVE-2025-25266

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2025-25266
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2025-25266
value: MEDIUM

Trust: 1.0

NVD: CVE-2025-25266
value: MEDIUM

Trust: 0.8

productcert@siemens.com: CVE-2025-25266
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 2.5
impactScore: 4.2
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-25266
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 4.2
version: 3.1

Trust: 1.0

NVD: CVE-2025-25266
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-014753 // NVD: CVE-2025-25266 // NVD: CVE-2025-25266

PROBLEMTYPE DATA

problemtype:CWE-552

Trust: 1.0

problemtype:Externally accessible file or directory (CWE-552) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-014753 // NVD: CVE-2025-25266

EXTERNAL IDS

db:NVDid:CVE-2025-25266

Trust: 2.6

db:SIEMENSid:SSA-507653

Trust: 1.8

db:ICS CERTid:ICSA-25-072-08

Trust: 0.8

db:JVNid:JVNVU92252869

Trust: 0.8

db:JVNDBid:JVNDB-2025-014753

Trust: 0.8

sources: JVNDB: JVNDB-2025-014753 // NVD: CVE-2025-25266

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-507653.html

Trust: 1.8

url:https://jvn.jp/vu/jvnvu92252869/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2025-25266

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-25-072-08

Trust: 0.8

sources: JVNDB: JVNDB-2025-014753 // NVD: CVE-2025-25266

SOURCES

db:JVNDBid:JVNDB-2025-014753
db:NVDid:CVE-2025-25266

LAST UPDATE DATE

2025-10-03T22:57:28.587000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2025-014753date:2025-09-30T08:48:00
db:NVDid:CVE-2025-25266date:2025-09-23T15:28:18.417

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2025-014753date:2025-09-30T00:00:00
db:NVDid:CVE-2025-25266date:2025-03-11T10:15:17.850