ID

VAR-202507-0084


CVE

CVE-2025-23365


TITLE

Siemens' TIA Administrator access control vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2025-012194

DESCRIPTION

A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application allows low-privileged users to trigger installations by overwriting cache files and modifying the downloads path. This would allow an attacker to escalate privilege and execute arbitrary code. Siemens' TIA Administrator contains an access control vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Siemens TIA Administrator is a management program used by Siemens of Germany to authorize and license SIMATIC products.

Trust: 2.16

sources: NVD: CVE-2025-23365 // JVNDB: JVNDB-2025-012194 // CNVD: CNVD-2025-16623

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-16623

AFFECTED PRODUCTS

vendor: siemens, model: tia administrator, scope: lt, version: 3.0.6

Trust: 1.6

vendor: シーメンス, model: tia administrator, scope: eq, version: -

Trust: 0.8

vendor: シーメンス, model: tia administrator, scope: eq, version: 3.0.6

Trust: 0.8

vendor: シーメンス, model: tia administrator, scope: -, version: -

Trust: 0.8

sources: CNVD: CNVD-2025-16623 // JVNDB: JVNDB-2025-012194 // NVD: CVE-2025-23365

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2025-23365
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-012194
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-16623
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-16623
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

productcert@siemens.com: CVE-2025-23365
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-012194
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-16623 // JVNDB: JVNDB-2025-012194 // NVD: CVE-2025-23365

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.0

problemtype:Inappropriate access control (CWE-284) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-012194 // NVD: CVE-2025-23365

PATCH

title: Patch for Siemens TIA Administrator Access Control Error Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/711141

Trust: 0.6

sources: CNVD: CNVD-2025-16623

EXTERNAL IDS

db: NVD, id: CVE-2025-23365

Trust: 3.2

db: SIEMENS, id: SSA-573669

Trust: 2.4

db: ICS CERT, id: ICSA-25-191-03

Trust: 0.8

db: JVN, id: JVNVU99667406

Trust: 0.8

db: JVNDB, id: JVNDB-2025-012194

Trust: 0.8

db: CNVD, id: CNVD-2025-16623

Trust: 0.6

sources: CNVD: CNVD-2025-16623 // JVNDB: JVNDB-2025-012194 // NVD: CVE-2025-23365

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-573669.html

Trust: 2.4

url:https://jvn.jp/vu/jvnvu99667406/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2025-23365

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-03

Trust: 0.8

sources: CNVD: CNVD-2025-16623 // JVNDB: JVNDB-2025-012194 // NVD: CVE-2025-23365

SOURCES

db: CNVD, id: CNVD-2025-16623
db: JVNDB, id: JVNDB-2025-012194
db: NVD, id: CVE-2025-23365

LAST UPDATE DATE

2025-08-26T19:39:24.763000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-16623, date: 2025-07-22T00:00:00
db: JVNDB, id: JVNDB-2025-012194, date: 2025-08-25T01:09:00
db: NVD, id: CVE-2025-23365, date: 2025-08-21T15:26:08.277

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-16623, date: 2025-07-22T00:00:00
db: JVNDB, id: JVNDB-2025-012194, date: 2025-08-25T00:00:00
db: NVD, id: CVE-2025-23365, date: 2025-07-08T11:15:26.860