CVE-2025-23364
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-07-08
Last updated on: 2025-08-21
Assigner: Siemens AG
Description
Description
A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application improperly validates code signing certificates.
This could allow an attacker to bypass the check and exceute arbitrary code during installations.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| siemens | tia_administrator | to 3.0.6 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-347 | The product does not verify, or incorrectly verifies, the cryptographic signature for data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in TIA Administrator versions prior to V3.0.6, where the application improperly validates code signing certificates. This flaw allows an attacker to bypass the certificate validation check and execute arbitrary code during software installations.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability could run arbitrary code on your system during the installation process, potentially leading to unauthorized actions or compromise of the affected system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70