OTPulse

Siemens TIA Administrator

Priority: Plan Patch · Score: 7.8 · Source: ICS-CERT ICSA-25-191-03 · Published: Jul 8, 2025
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Siemens TIA Administrator versions before 3.0.6 contain multiple vulnerabilities that allow privilege escalation and arbitrary code execution during installation or through credential handling issues. An attacker with local user access could exploit these to gain elevated privileges and execute commands on the engineering workstation. These vulnerabilities are not remotely exploitable. Siemens has released version 3.0.6 with fixes.

What this means
What could happen
An attacker with local access to a TIA Administrator installation could escalate privileges or execute arbitrary code, potentially gaining control over engineering configurations and deployments to industrial control systems.
Who's at risk
This affects anyone using Siemens TIA (Totally Integrated Automation) Administrator for engineering and configuring industrial control systems, particularly at water utilities and electric utilities that use Siemens PLCs and automation systems. Risk is highest for organizations where multiple staff share engineering workstations or where physical access to workstations is not strictly controlled.
How it could be exploited
An attacker with local user credentials on the machine running TIA Administrator could exploit privilege escalation vulnerabilities during installation or through insecure credential handling to gain elevated privileges and run arbitrary code on the engineering workstation.
Prerequisites
  • Local access to the TIA Administrator host machine
  • Valid user account credentials on the host system
  • Vulnerable version (< V3.0.6) installed
  • Local exploitation required
  • Requires valid user credentials
  • Low attack complexity
  • Can lead to control system reconfiguration
  • No known public exploitation yet
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product            Affected Versions   Fix Status
TIA Administrator  < V3.0.6            3.0.6
Remediation & Mitigation
Do now
HARDENING: Restrict local access to engineering workstations running TIA Administrator through physical security and access controls
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update TIA Administrator to version 3.0.6 or later
Long-term hardening
HARDENING: Isolate TIA Administrator workstations from business networks and the internet using firewalls and network segmentation
API: /api/v1/advisories/5e002467-8514-4f98-9eba-896765ee3974