Siemens TIA Project-Server and TIA Portal

Monitor
CVSS 4.3
ICS-CERT ICSA-25-191-05
Jul 8, 2025
Vendor: Siemens
Attack path
Attack Vector: Network
Auth Required: Low (a valid, low-privileged account)
Complexity: Low
User Interaction: None needed
Summary

A file upload validation vulnerability in TIA Project-Server and TIA Portal allows an authenticated user to upload a malicious file that causes a denial-of-service condition on the server. The vulnerability is triggered through the project upload mechanism and can make automation projects inaccessible until the service is restarted. Siemens has released fixes in TIA Project-Server 2.1.1, TIA Portal V19 Update 4, and TIA Portal V20 Update 3. TIA Portal V17 and V18 are end-of-life and will not receive a fix.

What this means
What could happen
An attacker with login credentials could upload a malicious file to the TIA Project Server, causing the service to crash and making automation projects unavailable until the service is restarted.
Who's at risk
This affects engineering teams and automation departments that use Siemens TIA Portal to develop and deploy industrial automation projects. It impacts TIA Project-Server installations and organizations using TIA Portal V17, V18, V19, or V20 for PLC/HMI engineering and project version control.
How it could be exploited
An attacker with valid TIA Project Server credentials could upload a specially crafted file through the project upload mechanism, triggering a denial of service condition in the server process. This requires network access to the TIA Project Server service and a valid user account.
Prerequisites
  • Network access to TIA Project Server service
  • Valid TIA Project Server login credentials
  • Permission to upload projects or files
  • Requires valid credentials
  • No public exploitation reported
  • Low EPSS score
  • End-of-life products (V17, V18) will not receive fixes
  • Affects service availability
Exploitability
Unlikely to be exploited — EPSS score 0.3%
Affected products (6)
4 with fix, 2 EOL

Product                                                  Affected Versions   Fix Status
TIA Project-Server                                       < 2.1.1             2.1.1
Totally Integrated Automation Portal (TIA Portal) V19    < V19 Update 4      V19 Update 4
Totally Integrated Automation Portal (TIA Portal) V20    < V20 Update 3      V20 Update 3
Totally Integrated Automation Portal (TIA Portal) V17    All versions        No fix (EOL)
Totally Integrated Automation Portal (TIA Portal) V18    All versions        No fix (EOL)
TIA Project-Server V17                                   All versions        2.1.1
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to TIA Project-Server to authorized engineering workstations only, using firewall rules
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

TIA Project-Server
HOTFIX: Update TIA Project-Server to version 2.1.1 or later (this also covers TIA Project-Server V17 installations)
Totally Integrated Automation Portal (TIA Portal)
HOTFIX: Update TIA Portal V19 to Update 4 or later
HOTFIX: Update TIA Portal V20 to Update 3 or later
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Totally Integrated Automation Portal (TIA Portal) V17 and Totally Integrated Automation Portal (TIA Portal) V18. Apply the following compensating controls:
HARDENING: Implement network segmentation to isolate TIA Project-Server and TIA Portal systems from business networks and internet access
HARDENING: Require strong authentication and enforce access controls to limit TIA Project-Server uploads to authorized personnel only
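The "Do now" workaround and the network-segmentation hardening item both come down to the same control on the host that runs TIA Project-Server: only known engineering workstations may reach the service port. The following script is an added example of that allowlist as Windows Defender Firewall rules; it is not Siemens documentation and not part of this advisory. The listening port ($ProjectServerPort) and the workstation addresses ($EngineeringWorkstations) are placeholders that must be replaced with the values from your own Project-Server configuration and network plan.

```powershell
# Added example: allowlist inbound access to TIA Project-Server on the Windows
# host that runs it. Not Siemens' documentation. Run in an elevated PowerShell
# session on the Project-Server host.

# ASSUMPTIONS (edit before use): the TCP port your Project-Server instance
# listens on (placeholder value; take the real one from the service
# configuration) and the engineering workstations allowed to upload projects.
$ProjectServerPort       = 443
$EngineeringWorkstations = @('10.20.30.11', '10.20.30.12', '10.20.30.0/28')
$RuleName                = 'TIA Project-Server - engineering workstations only'

# 1. Make sure every profile blocks inbound traffic by default. An allowlist
#    only means something when nothing else already opens the port.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True -DefaultInboundAction Block

# 2. Disable any existing inbound Allow rule that opens the same port to any
#    remote address; such a rule would silently defeat the allowlist.
Get-NetFirewallPortFilter | Where-Object {
    $_.Protocol -eq 'TCP' -and $_.LocalPort -eq "$ProjectServerPort"
} | Get-NetFirewallRule | Where-Object {
    $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and
    $_.Enabled -eq 'True' -and $_.DisplayName -ne $RuleName
} | ForEach-Object {
    $remote = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
    if ($remote -eq 'Any') {
        Write-Warning "Disabling broad inbound rule '$($_.DisplayName)' on TCP/$ProjectServerPort"
        Disable-NetFirewallRule -Name $_.Name
    }
}

# 3. Create (or refresh) the scoped Allow rule. Public profile is deliberately
#    left out: an OT server should never sit on a network classified as Public.
if (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue) {
    Remove-NetFirewallRule -DisplayName $RuleName
}
New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
    -LocalPort $ProjectServerPort -RemoteAddress $EngineeringWorkstations `
    -Action Allow -Profile Domain,Private -Enabled True | Out-Null

# 4. Verify the effective remote scope of the rule for the change record.
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallAddressFilter |
    Select-Object -ExpandProperty RemoteAddress
```

Two caveats. First, a host firewall narrows who can reach the upload mechanism but does not change the root cause: any account on an allowed workstation that holds upload rights can still trigger the crash, so the "authorized personnel only" control above (least-privilege upload permissions) still applies. Second, the host rule should be mirrored at the cell or zone boundary (the OT firewall between engineering and business networks), because a host rule disappears if the server is rebuilt or the firewall service is disabled during maintenance.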