CVE-2025-30033
BaseFortify
Publication date: 2025-08-12
Last updated on: 2025-08-12
Assigner: Siemens AG
Description
Affected Vendors & Products
| Vendor | Product | Version / Range (* = all versions) |
|---|---|---|
| siemens | automation_license_manager | * |
| siemens | cemat | * |
| siemens | cp_ptp_param_configuring_interface | * |
| siemens | create_myconfig | * |
| siemens | energy_support_library | * |
| siemens | fm_configuration_package | * |
| siemens | modular_pid_ctrl_tool | * |
| siemens | multifieldbus_configuration_tool | * |
| siemens | openpcs_7 | 9.1 |
| siemens | openpcs_7 | 10.0 |
| siemens | simatic_automation_tool | * |
| siemens | simatic_batch | 9.1 |
| siemens | simatic_batch | 10.0 |
| siemens | simatic_easie_packages | * |
| siemens | simatic_logon | 1.6 |
| siemens | simatic_logon | 2.0 |
| siemens | simatic_management_agent | * |
| siemens | simatic_management_console | * |
| siemens | simatic_net_pc_software | 16 |
| siemens | simatic_net_pc_software | 17 |
| siemens | simatic_net_pc_software | 18 |
| siemens | simatic_net_pc_software | 19 |
| siemens | simatic_net_pc_software | 20 |
| siemens | simatic_odk_1500s | * |
| siemens | simatic_pcs_7 | * |
| siemens | simatic_pcs_neo | 6.0 |
| siemens | simatic_pdm | 9.2 |
| siemens | simatic_pdm | 9.3 |
| siemens | simatic_process_historian | 2020 |
| siemens | simatic_process_historian | 2022 |
| siemens | simatic_process_historian | 2024 |
| siemens | simatic_prosave | 19 |
| siemens | simatic_route_control | * |
| siemens | simatic_s7_1500_software_controller | 2 |
| siemens | simatic_s7_1500_software_controller | 3 |
| siemens | simatic_s7_f_systems | 6.3 |
| siemens | simatic_s7_f_systems | 6.4 |
| siemens | simatic_s7_fail_safe_configuration_tool | 4.0.1 |
| siemens | simatic_s7_pct | * |
| siemens | simatic_s7_plcsim | 17 |
| siemens | simatic_s7_plcsim | 18 |
| siemens | simatic_s7_plcsim | 19 |
| siemens | simatic_s7_plcsim | 20 |
| siemens | simatic_s7_plcsim_advanced | 7.0.1 |
| siemens | sinetplan | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | Uncontrolled Search Path Element: the product uses a fixed or controlled search path to find resources (here, DLLs loaded by the installer), but one or more locations in that path can be under the control of unintended actors. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-30033 is a DLL hijacking vulnerability (CWE-427, uncontrolled search path element) in the Siemens Web Installer that is bundled with many Siemens products. When a legitimate user runs an affected installer, it resolves one or more DLLs through a search path that an attacker can influence, so a malicious DLL placed where that search path will find it is loaded and executed with the installer's privileges. Only the installation phase is affected; the products are not vulnerable once installed. [1]
How can this vulnerability impact me?
An attacker who can already write a file to the machine (a local account, a shared or writable download location, or a prior low-privilege foothold) can get arbitrary code executed during the installation of affected Siemens software. That code runs with the installer's privileges, which are typically administrative since installers usually require them, so the practical effect is local privilege escalation to the installing account. The exposure is limited to the installation process and does not affect the software once installed. [1]
What immediate steps should I take to mitigate this vulnerability?
Update affected Siemens products to the versions that carry a fixed installer: Automation License Manager V6.2 Update 3, SIMATIC PCS neo V6.0 SP1, SIMATIC ProSave V19 Update 4, SIMATIC S7-FCT V4.0.1, SIMATIC S7-PLCSIM V20 Update 1 and SIMATIC S7-PLCSIM Advanced V7.0 Update 1. Note that the affected-products table on this page still lists simatic_s7_fail_safe_configuration_tool 4.0.1, so confirm the exact fixed build against the Siemens advisory rather than relying on the version number alone. For products without a fix, apply Siemens' published workarounds and mitigations, and always run the newest available installer. As general hardening for any installer-side DLL hijack, run installers only from a freshly created directory that only administrators can write to, confirm no stray DLL or other loadable module sits next to the installer before starting it, and verify the installer's digital signature. [1]
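The mechanism behind the explanation above and the pre-install check recommended in the mitigation, as an added example that is not part of this page or of any Siemens code. It simulates the documented default Windows DLL search order (SafeDllSearchMode enabled) to show why a planted DLL next to an installer wins over the copy in System32, then implements the staging-directory check. The DLL name `example_helper.dll`, all paths and the directory listing are constructed placeholders; the page does not name the DLL the Siemens installer loads.

```python
"""Added example (not from the BaseFortify page or any Siemens code).

Simulates the Windows DLL search order an installer inherits when it calls
LoadLibrary() with a bare DLL name, and provides the staging-directory check
a practitioner can run before launching an installer when no fixed version
is available yet. All file names and paths are constructed for the demo.
"""
from pathlib import PureWindowsPath

# Default search order on desktop Windows with SafeDllSearchMode enabled:
# 1. application directory, 2. system directory, (3. 16-bit system
# directory, omitted here), 4. Windows directory, 5. current working
# directory, 6. PATH. The "known DLLs" shortcut is also omitted.
def dll_search_order(dll_name, app_dir, cwd, system_dir, windows_dir, path_dirs):
    """Return the ordered list of full paths LoadLibrary would probe."""
    dirs = [app_dir, system_dir, windows_dir, cwd, *path_dirs]
    return [str(PureWindowsPath(d) / dll_name) for d in dirs]


def resolve_dll(dll_name, order, present_files):
    """Simulated LoadLibrary: first candidate in `order` that exists, else None.

    present_files is a set of full paths that exist on the (simulated) disk.
    Windows paths are case-insensitive, so comparison is done lower-cased.
    """
    normalized = {f.lower() for f in present_files}
    for candidate in order:
        if candidate.lower() in normalized:
            return candidate
    return None


# Extensions Windows will load as executable code from an installer's directory.
LOADABLE = {".dll", ".ocx", ".cpl", ".drv"}


def staging_dir_check(installer_path, dir_listing):
    """Flag loose loadable modules sitting next to an installer.

    installer_path: full path of the installer executable
    dir_listing:    file names found in that same directory
    Returns the sorted list of suspicious file names (empty means clean).
    """
    installer = PureWindowsPath(installer_path).name.lower()
    suspicious = []
    for name in dir_listing:
        if name.lower() == installer:
            continue
        if PureWindowsPath(name).suffix.lower() in LOADABLE:
            suspicious.append(name)
    return sorted(suspicious)


if __name__ == "__main__":
    # Constructed scenario: installer launched from the user's Downloads folder,
    # where an attacker has planted example_helper.dll (hypothetical name).
    downloads = r"C:\Users\alice\Downloads"
    planted = downloads + r"\example_helper.dll"
    legit = r"C:\Windows\System32\example_helper.dll"
    on_disk = {planted, legit}

    order = dll_search_order("example_helper.dll", downloads, r"C:\Users\alice",
                             r"C:\Windows\System32", r"C:\Windows",
                             [r"C:\Program Files\Tool\bin"])
    print("loaded from Downloads :", resolve_dll("example_helper.dll", order, on_disk))

    # Same installer copied into a clean, admin-only staging directory.
    clean = dll_search_order("example_helper.dll", r"C:\Staging\clean", r"C:\Users\alice",
                             r"C:\Windows\System32", r"C:\Windows",
                             [r"C:\Program Files\Tool\bin"])
    print("loaded from staging   :", resolve_dll("example_helper.dll", clean, on_disk))

    # Pre-install check over a constructed directory listing.
    print("stray modules         :", staging_dir_check(
        downloads + r"\Setup.exe",
        ["Setup.exe", "example_helper.dll", "readme.txt", "Plugin.OCX"]))
```

The search order is the reason the application directory is the attacker's preferred drop point: it is probed before System32, so a same-named DLL there is loaded first regardless of what the legitimate copy looks like. Moving the installer into an empty, administrator-only directory removes that position from the attacker's reach; the staging check confirms the directory is actually empty of loadable modules before the installer runs.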