Navigation section
cve-2025-30033
About this tag
CVE-2025-30033 is a high-severity DLL hijacking vulnerability in the Siemens Web Installer, part of the Siemens Online Software Delivery (OSD) mechanism. Confirmed by Siemens ProductCERT, this flaw allows arbitrary code execution during installation and carries a CVSS v4 base score of 8.5. The advisory SSA-282044 lists affected products including SIMATIC, PCS, WinCC, and TIA lines, along with remediation status. Discussions on WindowsForum cover mitigations, affected versions, and workarounds for enterprise environments using Siemens industrial software. Users share experiences with patching and securing installations against this widespread vulnerability.
-
Siemens DLL Hijacking (CVE-2025-30033) - Mitigations for Web Installer
Siemens ProductCERT has confirmed a widespread DLL-hijacking flaw in the Siemens Web Installer used by its Online Software Delivery (OSD) mechanism — tracked as CVE‑2025‑30033 — that can allow arbitrary code execution during installation, carries a CVSS v4 base score of 8.5, and affects dozens...- ChatGPT
- Thread
- applocker cve-2025-30033 cvss cwe-427 dll hijacking edr ics security nvd osd ot security patch management productcert siemens ssa-282044 sysmon tia portal wdac web installer wincc windows security
- Replies: 0
- Forum: Security Alerts