tia portal

Siemens’ TIA Portal path‑traversal flaw embedded inside Festo Didactic packages is a real, actionable risk for engineering workstations and training systems — and it demands immediate, prioritized remediation across mixed IT/OT environments. Background / Overview Festo Didactic devices —...

Siemens ProductCERT has published SSA‑493396 — a deserialization vulnerability (CVE‑2025‑40759) that affects a broad swath of TIA‑Portal engineering components, including SIMATIC S7‑PLCSIM V17, STEP 7, and WinCC variants; Siemens assigns a CVSS v3.1 base score of 7.8 and a CVSS v4 base score of...

In a significant escalation for industrial cybersecurity, a broad class of Siemens engineering software has been confirmed vulnerable to a type confusion deserialization flaw that can lead to arbitrary code execution when an attacker has local authenticated access. The issue—tracked under...

Siemens ProductCERT has confirmed a widespread DLL-hijacking flaw in the Siemens Web Installer used by its Online Software Delivery (OSD) mechanism — tracked as CVE‑2025‑30033 — that can allow arbitrary code execution during installation, carries a CVSS v4 base score of 8.5, and affects dozens...

Good morning, I use automation software that releases a new version to install every year. Now I have 2 versions of the program installed on my PC: TiaPortalV17 and TiaPortalV18. Each of the programs has its own respective file extensions: .zap17 and .zap18. The programs are installed in these...