Siemens TIA Administrator

Action: Plan Patch
CVSS: 7.8
ICS-CERT: ICSA-25-191-03
Published: Jul 8, 2025
Vendor: Siemens

Attack path
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Siemens TIA Administrator before version 3.0.6 contains multiple vulnerabilities that could allow an attacker with local access to escalate privileges or execute arbitrary code during installation. These vulnerabilities could be exploited to compromise control system project files and configurations. The vulnerabilities are not remotely exploitable but pose a risk to engineering workstations where TIA Administrator is installed or being updated.

What this means
What could happen
An attacker with local access to a system running TIA Administrator could escalate privileges or run arbitrary code during installation, potentially compromising engineering workstations and the integrity of control system configurations.
Who's at risk
These vulnerabilities affect engineering teams and control system integrators who use Siemens TIA Administrator to develop, configure, and deploy PLC and automation projects. Any organization using TIA Administrator for SCADA, DCS, or industrial automation configuration should evaluate this issue, particularly those with shared or multi-user engineering workstations.
How it could be exploited
An attacker must have local access to a machine where TIA Administrator is being installed, or local user privileges on a machine where it is already installed. From there, they could exploit the privilege escalation or code execution vulnerabilities to gain higher privileges or execute commands that could modify control system configurations or project files.
Prerequisites
  • Local access to the system running TIA Administrator
  • Installation context or local user privileges on the machine
Key points
  • Local privilege escalation possible
  • Code execution during installation
  • Affects engineering workstation security
  • Low complexity exploitation
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product             Affected Versions   Fix Status
TIA Administrator   < V3.0.6            3.0.6
Remediation & Mitigation

Do now
HARDENING: Restrict local access and login privileges on workstations running TIA Administrator to authorized engineering personnel only

Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update TIA Administrator to version 3.0.6 or later

Long-term hardening
HARDENING: Physically or logically isolate engineering workstations running TIA Administrator from untrusted networks
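To act on the "update to 3.0.6 or later" step you first need to know which engineering workstations still carry an older build. The following PowerShell inventory check is an added example, not code from the advisory or from Siemens. It assumes TIA Administrator registers under the standard Windows Uninstall registry keys with a DisplayName containing "TIA Administrator" (an assumption; adjust the pattern if your installation registers differently) and compares the parsed DisplayVersion against the fixed version 3.0.6 from this advisory.

```powershell
# Added example (not from the advisory or Siemens): flag TIA Administrator installs below 3.0.6.
# Assumption: the product appears in the standard Uninstall registry keys with a DisplayName
# that contains "TIA Administrator". Verify the match pattern against one known workstation.
$FixedVersion = [version]'3.0.6'
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-TiaAdministratorStatus {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*TIA Administrator*' } |
        ForEach-Object {
            # DisplayVersion may carry a suffix (e.g. a service pack tag); keep the leading numeric part
            $raw    = [string]$_.DisplayVersion
            $parsed = $null
            $ok     = [version]::TryParse(($raw -replace '[^\d.].*$', ''), [ref]$parsed)

            $affected = if ($ok) { $parsed -lt $FixedVersion } else { 'unknown' }
            $action   = if ($ok -and $parsed -lt $FixedVersion) {
                            'Update to 3.0.6 or later (ICSA-25-191-03)'
                        } elseif ($ok) {
                            'None'
                        } else {
                            'Version string not parseable; verify manually'
                        }

            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Product  = $_.DisplayName
                Version  = $raw
                Affected = $affected
                Action   = $action
            }
        }
}

# Run locally; wrap in Invoke-Command to collect the same table from a list of workstations.
Get-TiaAdministratorStatus | Format-Table -AutoSize
```

An empty result means nothing matched the DisplayName pattern, which is worth treating as "unknown" rather than "not installed" until the pattern has been confirmed on a workstation known to have the product. The version comparison uses System.Version so that 3.0.10 is correctly ordered after 3.0.6, which a plain string comparison would get wrong.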