Full Report
A vulnerability in TIA Project Server and TIA Portal could allow an attacker to cause a denial of service condition. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet, available.
Analysis Summary
# Vulnerability: Denial of Service in TIA Project Server and TIA Portal
## CVE Details
- **CVE ID:** CVE-2025-27127
- **CVSS Score:**
  - CVSS v4.0: 5.3 (Medium)
  - CVSS v3.1: 4.3 (Medium)
- **CWE:** CWE-434: Unrestricted Upload of File with Dangerous Type
## Affected Systems
- **Products:**
  - TIA Project-Server (formerly TIA Multiuser Server)
  - Totally Integrated Automation Portal (TIA Portal)
- **Versions:**
  - TIA Project-Server: All versions < V2.1.1
  - TIA Project-Server V17: All versions
  - TIA Portal V17 & V18: All versions
  - TIA Portal V19: All versions < V19 Update 4
  - TIA Portal V20: All versions < V20 Update 3
- **Configurations:** Systems where users have "contributor" privileges.
## Vulnerability Description
The vulnerability stems from the improper handling of uploaded projects within the application's document root. Specifically, the application does not sufficiently validate or restrict the contents of project files uploaded by users. An attacker with contributor-level privileges can upload a specially crafted "malicious project" that, when processed by the server, triggers a denial of service (DoS) condition, impacting the availability of the TIA environment.
## Exploitation
- **Status:** Proof of Concept (PoC) available (based on CVSS Exploit Code Maturity: Functional/Proven).
- **Complexity:** Low
- **Attack Vector:** Network (Remote)
- **Requirements:** Authenticated "Contributor" privileges are required to perform the upload.
## Impact
- **Confidentiality:** None
- **Integrity:** None
- **Availability:** Low (Partial denial of service to the application/server)
## Remediation
### Patches
Siemens recommends updating to the following versions:
- **TIA Project-Server:** Update to V2.1.1 or later.
- **TIA Portal V19:** Update to V19 Update 4 or later.
- **TIA Portal V20:** Update to V20 Update 3 or later.
*Note: For TIA Project-Server V17, TIA Portal V17, and TIA Portal V18, no fixes are currently planned.*
### Workarounds
- **Access Control:** Restrict "contributor" privileges to known and trusted personnel only.
- **Network Segmentation:** Protect network access to affected devices using firewalls and segmenting the Industrial Control System (ICS) network from the corporate IT network.
- **Operational Guidelines:** Adhere to Siemens’ operational guidelines for Industrial Security, ensuring devices are operated only within protected IT environments.
## Detection
- **Indicators of Compromise:** Unusual application crashes or system instability immediately following the upload of a new project by a user.
- **Detection methods:** Monitor system logs for file upload activities to the document root, specifically auditing the accounts with contributor permissions.
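The detection idea above (project uploads by contributor accounts followed shortly by an application crash) as an added example, not part of the original advisory or of any Siemens tooling. The log line shape, field names and sample events are constructed for illustration; the parser must be mapped onto the real log source before use.

```python
"""Correlate project uploads by contributor accounts with crashes that
follow them within a short window, as the Detection section suggests.
The log format here is constructed for this example: TIA Project-Server
is not known to emit events in this shape."""
from datetime import datetime, timedelta
import re

# Constructed sample lines: "<ISO timestamp> <UPLOAD|CRASH> key=value ..."
SAMPLE_LOG = """\
2025-03-11T08:02:10 UPLOAD user=alice role=contributor project=LineA_v3
2025-03-11T08:05:44 UPLOAD user=bob role=contributor project=Pump_Test
2025-03-11T08:06:02 CRASH service=tia-project-server
2025-03-11T09:30:00 UPLOAD user=carol role=viewer project=Docs
2025-03-11T11:12:30 UPLOAD user=alice role=contributor project=LineA_v4
"""

LINE_RE = re.compile(r"^(\S+)\s+(UPLOAD|CRASH)\s+(.*)$")

def parse_events(text):
    """Return (timestamp, kind, fields) tuples; unparsable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m.group(1))
        fields = dict(kv.split("=", 1) for kv in m.group(3).split())
        events.append((ts, m.group(2), fields))
    return events

def suspicious_uploads(text, window=timedelta(minutes=5)):
    """Return contributor uploads followed by a crash within `window`,
    each as (user, project, seconds_until_crash), in log order."""
    events = parse_events(text)
    crashes = [ts for ts, kind, _ in events if kind == "CRASH"]
    hits = []
    for ts, kind, f in events:
        if kind != "UPLOAD" or f.get("role") != "contributor":
            continue
        for c in crashes:
            if ts <= c <= ts + window:  # first crash inside the window
                hits.append((f["user"], f["project"], int((c - ts).total_seconds())))
                break
    return hits

if __name__ == "__main__":
    for user, project, secs in suspicious_uploads(SAMPLE_LOG):
        print(f"review upload {project!r} by {user}: crash {secs}s later")
```

Both uploads preceding the 08:06:02 crash land inside the five-minute window, so the output lists two candidates for triage; the viewer-role upload and the later upload with no crash are not reported.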
## References
- **Vendor Advisory:** hxxps://cert-portal.siemens[.]com/productcert/html/ssa-460466.html
- **TIA Project-Server Support:** hxxps://support.industry.siemens[.]com/cs/ww/en/view/109810588/
- **TIA Portal V19 Update:** hxxps://support.industry.siemens[.]com/cs/ww/en/view/109925643/
- **TIA Portal V20 Update:** hxxps://support.industry.siemens[.]com/cs/ww/en/view/109963851/
- **Siemens Industrial Security Guidelines:** hxxps://www.siemens[.]com/cert/operational-guidelines-industrial-security