Siemens TIA Portal and Project-Server Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in multiple versions of TIA Project-Server and TIA Portal. The issue arises from the applications improperly managing uploaded projects in the document root. This flaw could enable an attacker with contributor privileges to disrupt service by uploading a malicious project.

Impact

Exploitation of this vulnerability can lead to a denial-of-service condition, causing the application to become unresponsive or unavailable.

Remediation

Users of TIA Project-Server should update to version 2.1.1 or later. For TIA Project-Server V17, no fix is currently planned. General security recommendations include protecting network access to devices and following Siemens' operational guidelines for Industrial Security.

Added: Jul 8, 2025, 11:44 AM
Updated: Jul 8, 2025, 11:44 AM

Vulnerability Rating

Custom Algorithm
spread: 5.4
impact: 2.5
exploitability: 3.3
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.