CVE-2025-30033 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
siemens	CNA	7.8 HIGH				CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Common Weakness Enumeration

CWE-427 - Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Vulnerability Media Exposure

[GERMAN] Mehrere Siemens-Produkte: Schwachstelle ermöglicht Codeausführung
Ein lokaler Angreifer kann eine Schwachstelle in Siemens SIMATIC Logon, Siemens SIMATIC S7, Siemens SIMATIC STEP 7, Siemens SIMATIC WinCC und Siemens TIA Portal ausnutzen, um beliebigen Programmcode auszuführen.
Published: 2025-08-12T22:00:00+00:00

References

https://cert-portal.siemens.com/productcert/html/ssa-282044.html