CVSS: 8.5EPSS: 0%CPEs: 124EXPL: 0CVE-2025-30033
https://notcve.org/view.php?id=CVE-2025-30033
12 Aug 2025 — The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup component. • https://cert-portal.siemens.com/productcert/html/ssa-282044.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-27127
https://notcve.org/view.php?id=CVE-2025-27127
08 Jul 2025 — A vulnerability has been identified in TIA Project-Server (All versions < V2.1.1), TIA Project-Server V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions < V20 Update 3). The affected application improperly handles uploaded projects in the document root. This could ... • https://cert-portal.siemens.com/productcert/html/ssa-460466.html • CWE-434: Unrestricted Upload of File with Dangerous Type •