OTPulse

Siemens TIA Project-Server and TIA Portal

Severity rating: Monitor · Score: 4.3 · ICS-CERT ICSA-25-191-05 · Jul 8, 2025
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

A vulnerability in Siemens TIA Project Server and TIA Portal allows a denial of service condition. An authenticated attacker could provide a specially crafted file input (CWE-434: Unrestricted Upload of File with Dangerous Type) that causes the application to stop responding. The vulnerability affects TIA Project Server versions prior to 2.1.1 and TIA Portal versions 17, 18, 19 (prior to Update 4), and 20 (prior to Update 3). Versions 17 and 18 of TIA Portal and all versions of TIA Project Server V17 have no planned fixes.

What this means
What could happen
An authenticated attacker could cause the TIA Project Server or TIA Portal design application to stop responding, interrupting engineering work and potentially delaying process updates or emergency reconfiguration tasks.
Who's at risk
This affects engineering teams and system integrators who use Siemens TIA Portal (versions 17, 18, 19, 20) or TIA Project Server to design and configure Siemens PLCs and automation systems in power generation, water treatment, manufacturing, and other industrial facilities. The risk is most acute for organizations running older unsupported versions (TIA Portal V17, V18) where no fix is planned.
How it could be exploited
An attacker with valid credentials to the TIA Portal or TIA Project Server could upload or provide a specially crafted file that triggers a denial of service condition, causing the application to hang or crash. The attacker needs network access to the workstation running TIA Portal or to the TIA Project Server and valid engineering credentials.
Prerequisites
  • Valid engineering or administrator credentials for TIA Portal or TIA Project Server
  • Network access to the TIA Portal workstation or TIA Project Server over the network
  • Ability to provide input to the application (file upload or command interface)
Key points
  • Requires valid credentials for exploitation
  • Low complexity to exploit
  • Denial of service impact on engineering operations
  • No fix available for V17 and V18 versions
  • Affects engineering workstations, not field devices
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (6)
4 with fix · 2 EOL
Product                                                  | Affected Versions | Fix Status
---------------------------------------------------------|-------------------|--------------
TIA Project-Server                                       | < 2.1.1           | 2.1.1
Totally Integrated Automation Portal (TIA Portal) V19    | < V19 Update 4    | 19 Update 4
Totally Integrated Automation Portal (TIA Portal) V20    | < V20 Update 3    | 20 Update 3
Totally Integrated Automation Portal (TIA Portal) V17    | All versions      | No fix (EOL)
Totally Integrated Automation Portal (TIA Portal) V18    | All versions      | No fix (EOL)
TIA Project-Server V17                                   | All versions      | 2.1.1
Remediation & Mitigation
Do now
Totally Integrated Automation Portal (TIA Portal) V19
WORKAROUND: Restrict network access to TIA Project Server and TIA Portal workstations using firewall rules; ensure they are not accessible from the internet or untrusted networks
HARDENING: Implement role-based access controls and strong authentication (e.g., MFA if supported) to limit who can access TIA Portal and TIA Project Server
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

TIA Project-Server
HOTFIX: Update TIA Project-Server to version 2.1.1 or later
Totally Integrated Automation Portal (TIA Portal) V19
HOTFIX: Update TIA Portal V19 to Update 4 or later
HOTFIX: Update TIA Portal V20 to Update 3 or later
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Totally Integrated Automation Portal (TIA Portal) V17, Totally Integrated Automation Portal (TIA Portal) V18. Apply the following compensating controls:
HARDENING: Isolate engineering workstations running TIA Portal from the business network using a demilitarized zone (DMZ) or separate VLAN
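As an added triage helper (not part of the OTPulse advisory or of any Siemens tooling), the Python snippet below maps an inventory of installed TIA Portal and TIA Project-Server versions onto the fix thresholds in the affected-products table above, so a team can see which workstations need the listed update and which fall under the EOL compensating controls. The inventory entries are constructed sample data, and the separate "TIA Project-Server V17" row is not modelled beyond the numeric 2.1.1 threshold.

```python
import re

# Fix thresholds taken from the advisory's affected-products table.
PORTAL_FIX_UPDATE = {19: 4, 20: 3}   # V19 -> Update 4, V20 -> Update 3
PORTAL_EOL = {17, 18}                # no fix planned, compensating controls only
PROJECT_SERVER_FIX = (2, 1, 1)       # TIA Project-Server fixed in 2.1.1

def parse_portal_version(text):
    """'V19 Update 2' -> (19, 2); a bare 'V20' counts as Update 0."""
    m = re.fullmatch(r"V(\d+)(?:\s+Update\s+(\d+))?", text.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised TIA Portal version: {text!r}")
    return int(m.group(1)), int(m.group(2) or 0)

def parse_server_version(text):
    """'2.0.5' -> (2, 0, 5); tuple comparison orders versions correctly."""
    return tuple(int(part) for part in text.strip().split("."))

def triage(product, version):
    """Return the action this advisory implies for one installed product."""
    if product == "TIA Portal":
        major, update = parse_portal_version(version)
        if major in PORTAL_EOL:
            return "eol: isolate workstation, restrict network access"
        fix = PORTAL_FIX_UPDATE.get(major)
        if fix is None:
            return "not listed in advisory"
        return f"patch: apply Update {fix}" if update < fix else "fixed"
    if product == "TIA Project-Server":
        if parse_server_version(version) < PROJECT_SERVER_FIX:
            return "patch: update to 2.1.1"
        return "fixed"
    return "not listed in advisory"

# Constructed sample inventory: (hostname, product, version); not real assets.
SAMPLE_INVENTORY = [
    ("eng-ws-01", "TIA Portal", "V19 Update 2"),
    ("eng-ws-02", "TIA Portal", "V20 Update 3"),
    ("eng-ws-03", "TIA Portal", "V17 Update 8"),
    ("proj-srv-01", "TIA Project-Server", "2.0.5"),
]

def triage_inventory(inventory):
    """Map hostname -> advisory action for a whole inventory."""
    return {host: triage(prod, ver) for host, prod, ver in inventory}

if __name__ == "__main__":
    for host, action in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {action}")
```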