CVE-2025-25267

A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application does not properly restrict the scope of files accessible to the simulation model. This could allow an unauthorized attacker to compromise the confidentiality of the system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.2 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
siemensCNA
6.2 MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
VendorProductVersion
siemenstecnomatix_plant_simulation
2302.0 ≤
𝑥
< 2302.0021
siemenstecnomatix_plant_simulation
2404.0 ≤
𝑥
< 2404.0010
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert-portal.siemens.com/productcert/html/ssa-507653.html