CVE-2025-23364 — Improper Verification of Cryptographic Signature in Siemens TIA Administrator

CWE-347 — Improper Verification of Cryptographic Signature3 documents3 sources

Severity

6.9MEDIUMNVD

EPSS

0.0%

top 98.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens TIA Administrator

Timeline

PublishedJul 8

Description

A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application improperly validates code signing certificates. This could allow an attacker to bypass the check and exceute arbitrary code during installations.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5siemens/tia_administrator< V3.0.6

▶NVDsiemens/tia_administrator< 3.0.6

🔴Vulnerability Details

GHSA

GHSA-xcww-qxq8-pg8c: A vulnerability has been identified in TIA Administrator (All versions < V3↗2025-07-08

▶

CVEList

CVE-2025-23364: A vulnerability has been identified in TIA Administrator (All versions < V3↗2025-07-08

▶