Detections
Analytics
Siemens SIMATIC TIA Portal < V20 Update 3 DoS (SSA-460466)
medium Nessus Plugin ID 241711
Synopsis
The remote host is affected by a denial of service vulnerability.Description
The version of Siemens SIMATIC TIA Portal installed on the remote Windows host is affected by a denial of service (DoS) vulnerability. The affected application improperly handles uploaded projects in the document root. This could allow an attacker with contributor privileges to cause denial of service by uploading a malicious project.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update to V20 Update 3 or later.See Also
https://cert-portal.siemens.com/productcert/html/ssa-460466.html
Plugin Details
Severity: Medium
ID: 241711
File Name: scada_siemens_tia_ssa-460466.nbin
Version: 1.2
Type: local
Agent: windows
Family: SCADA
Published: 7/10/2025
Updated: 7/14/2025
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 2.9
CVSS v2
Risk Factor: Medium
Base Score: 4
Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSS Score Source: CVE-2025-27127
CVSS v3
Risk Factor: Medium
Base Score: 4.3
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Vulnerability Information
CPE: x-cpe:/a:siemens:tia_portal, cpe:/a:siemens:totally_integrated_automation_portal
Required KB Items: installed_sw/Siemens Totally Integrated Automation Portal
Patch Publication Date: 7/8/2025
Vulnerability Publication Date: 7/8/2025
Reference Information
CVE: CVE-2025-27127
IAVB: 2025-B-0112