ICS Advisory

Siemens Web Installer

Alert Code: ICSA-25-226-22

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).


1. EXECUTIVE SUMMARY

  • CVSS v4 8.5
  • ATTENTION: Low attack complexity
  • Vendor: Siemens
  • Equipment: Web Installer
  • Vulnerability: Uncontrolled Search Path Element

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected installer component.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Siemens reports that the following products are affected:

  • Automation License Manager V6.0: All versions
  • OpenPCS 7 V9.1: All versions
  • SIMATIC WinCC Runtime Professional: All versions
  • SIMATIC WinCC Runtime Professional V20: All versions
  • SIMATIC WinCC TeleControl: All versions
  • SIMATIC WinCC Unified Line Coordination: All versions
  • SIMATIC WinCC Unified PC Runtime V18: All versions
  • SIMATIC WinCC Unified PC Runtime V19: All versions
  • SIMATIC WinCC Unified PC Runtime V20: All versions
  • SIMATIC WinCC Unified Sequence: All versions
  • SIMATIC WinCC V7.5: All versions
  • SIMATIC WinCC V8.0: All versions
  • OpenPCS 7 V10.0: All versions
  • SIMATIC WinCC V8.1: Versions prior to V8.1 Update 3
  • SIMATIC WinCC Visualization Architect (SiVArc) V17: All versions
  • SIMATIC WinCC Visualization Architect (SiVArc) V18: All versions
  • SIMATIC WinCC Visualization Architect (SiVArc) V19: All versions
  • SIMATIC WinCC Visualization Architect (SiVArc) V20: All versions
  • SIMATIC D7-SYS: All versions
  • SIMIT Rapid Tester: All versions
  • SIMIT Simulation Platform: All versions
  • SINAMICS Startdrive V17: All versions
  • SINAMICS Startdrive V18: All versions
  • Siemens Network Planner (SINETPLAN): All versions
  • SINAMICS Startdrive V19: All versions
  • SINAMICS Startdrive V20: All versions
  • SINEC NMS: Versions prior to 4.0
  • SINEMA Remote Connect Client: All versions
  • SITRANS: All versions
  • Standard PID CTRL Tool: All versions
  • TeleControl Server Basic V3.1: Versions prior to 3.1.2.2
  • TIA Administrator: Versions prior to 3.0.6
  • TIA Portal Cloud Connector: All versions
  • TIA Portal Test Suite V17: All versions
  • SIMATIC Automation Tool: All versions
  • TIA Portal Test Suite V18: All versions
  • TIA Portal Test Suite V19: All versions
  • TIA Portal Test Suite V20: All versions
  • TIA Project-Server: All versions
  • TIA Project-Server V17: All versions
  • WinCC Panel Image Setup: All versions
  • SIMATIC Automation Tool SDK Windows: All versions
  • SIMATIC BATCH V9.1: All versions
  • SIMATIC BATCH V10.0: All versions
  • SIMATIC Control Function Library (CFL) V1.0.0: All versions
  • SIMATIC Control Function Library (CFL) V2.0: All versions
  • SIMATIC Control Function Library (CFL) V3.0: All versions
  • Automation License Manager V6.2: Versions prior to V6.2 Upd3
  • SIMATIC Control Function Library (CFL) V4.0: All versions
  • SIMATIC eaSie Core Package (6DL5424-0AX00-0AV8): All versions
  • SIMATIC eaSie Document Skills: All versions
  • SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8): All versions
  • SIMATIC eaSie Workflow Skills: All versions
  • SIMATIC Energy Suite V17: All versions
  • SIMATIC Energy Suite V18: All versions
  • SIMATIC Energy Suite V19: All versions
  • SIMATIC Logon V1.6: All versions
  • SIMATIC Logon V2.0: All versions
  • CEMAT V10.0: All versions
  • SIMATIC Management Agent: All versions
  • SIMATIC Management Console: All versions
  • SIMATIC MTP CREATOR V3.x: All versions
  • SIMATIC MTP CREATOR V4.x: All versions
  • SIMATIC MTP CREATOR V2.x: All versions
  • SIMATIC MTP CREATOR V5.x: All versions
  • SIMATIC MTP Integrator V1.x: All versions
  • SIMATIC MTP Integrator V2.x: All versions
  • SIMATIC NET PC Software V16: All versions
  • SIMATIC NET PC Software V17: All versions
  • CP PtP Param configuring interface: All versions
  • SIMATIC NET PC Software V18: All versions
  • SIMATIC NET PC Software V19: All versions
  • SIMATIC NET PC Software V20: Versions prior to V20.0 Update 1
  • SIMATIC ODK 1500S: All versions
  • SIMATIC PCS 7 Advanced Process Faceplates V9.1: All versions
  • SIMATIC PCS 7 Advanced Process Functions V2.1: All versions
  • SIMATIC PCS 7 Advanced Process Functions V2.2: All versions
  • SIMATIC PCS 7 Advanced Process Graphics V9.1: All versions
  • SIMATIC PCS 7 Advanced Process Graphics V10.0: All versions
  • SIMATIC PCS 7 Advanced Process Library incl. Faceplates V10.0: All versions
  • Create MyConfig (CMC): All versions
  • SIMATIC PCS 7 Advanced Process Library V9.1: All versions
  • SIMATIC PCS 7 Basis Faceplates V9.1: All versions
  • SIMATIC PCS 7 Basis Library V9.1: All versions
  • SIMATIC PCS 7 Basis Library V10.0: All versions
  • SIMATIC PCS 7 Industry Library V9.0: All versions
  • SIMATIC PCS 7 Industry Library V9.1: All versions
  • SIMATIC PCS 7 Industry Library V10.0: All versions
  • SIMATIC PCS 7 Logic Matrix V9.1: All versions
  • SIMATIC PCS 7 Logic Matrix V10.0: All versions
  • SIMATIC PCS 7 MPC Configurator: All versions
  • Energy Support Library (EnSL): All versions
  • SIMATIC PCS 7 PowerControl: All versions
  • SIMATIC PCS 7 Standard Chemical Library V9.1: All versions
  • SIMATIC PCS 7 Standard Chemical Library V10.0: All versions
  • SIMATIC PCS 7 TeleControl: All versions
  • SIMATIC PCS 7 V9.1: All versions
  • SIMATIC PCS 7 V10.0: All versions
  • SIMATIC PCS 7/OPEN OS V9.1: All versions
  • SIMATIC PCS neo V5.0: All versions
  • SIMATIC PCS neo V6.0: Versions prior to V6.0 SP1
  • SIMATIC PDM Maintenance Station V5.0: All versions
  • FM Configuration Package: All versions
  • SIMATIC PDM V9.2: All versions
  • SIMATIC PDM V9.3: All versions
  • SIMATIC Process Function Library (PFL) V4.0: All versions
  • SIMATIC Process Historian 2020: All versions
  • SIMATIC Process Historian 2022: All versions
  • SIMATIC Process Historian 2024: All versions
  • SIMATIC ProSave V17: All versions
  • SIMATIC ProSave V18: All versions
  • SIMATIC ProSave V19: Versions prior to V19 Update 4
  • SIMATIC ProSave V20: All versions
  • Modular PID CTRL Tool: All versions
  • SIMATIC Route Control V9.1: All versions
  • SIMATIC Route Control V10.0: All versions
  • SIMATIC S7 F Systems V6.3: All versions
  • SIMATIC S7 F Systems V6.4: All versions
  • SIMATIC S7-1500 Software Controller V2: All versions
  • SIMATIC S7-1500 Software Controller V3: All versions
  • SIMATIC S7-Fail-safe Configuration Tool (S7-FCT): Versions prior to 4.0.1
  • SIMATIC S7-PCT: All versions
  • SIMATIC S7-PLCSIM Advanced: Versions prior to V7.0 Update 1
  • SIMATIC S7-PLCSIM V17: All versions
  • MultiFieldbus Configuration Tool (MFCT): All versions
  • SIMATIC S7-PLCSIM V18: All versions
  • SIMATIC S7-PLCSIM V19: All versions
  • SIMATIC S7-PLCSIM V20: Versions prior to V20 Update 1
  • SIMATIC Safety Matrix: All versions
  • SIMATIC STEP 7 CFC V19: All versions
  • SIMATIC STEP 7 CFC V20: All versions
  • SIMATIC STEP 7 V5.7: All versions
  • SIMATIC Target: All versions
  • SIMATIC WinCC flexible ES: All versions
  • SIMATIC WinCC Runtime Advanced: All versions

3.2 VULNERABILITY OVERVIEW

3.2.1 UNCONTROLLED SEARCH PATH ELEMENT CWE-427

The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup component.

CVE-2025-30033 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-30033. A base score of 8.5 has been calculated; the CVSS vector string is (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing, Energy
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany

3.4 RESEARCHER

Siemens reported this vulnerability to CISA.

4. MITIGATIONS

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • Harden the application host to prevent local access by untrusted personnel
  • Install applications only from an empty directory, thereby minimizing the likelihood of malicious DLLs being present
  • Automation License Manager V6.0, CEMAT V10.0, Energy Support Library (EnSL), SIMATIC BATCH V9.1, SIMATIC Logon V1.6, SIMATIC MTP CREATOR V3.x, SIMATIC MTP CREATOR V2.x, SIMATIC PCS 7 Industry Library V9.0, SIMATIC PCS neo V5.0, SIMATIC Process Function Library (PFL) V4.0, SIMATIC Process Historian 2020, SIMATIC ProSave V18, SIMATIC S7 F Systems V6.3, SIMATIC STEP 7 CFC V19, SIMATIC STEP 7 CFC V20: Currently no fix is planned
  • CP PtP Param configuring interface, Create MyConfig (CMC), FM Configuration Package, Modular PID CTRL Tool, MultiFieldbus Configuration Tool (MFCT), OpenPCS 7 V9.1, OpenPCS 7 V10.0, Siemens Network Planner (SINETPLAN), SIMATIC Automation Tool, SIMATIC Automation Tool SDK Windows, SIMATIC BATCH V10.0, SIMATIC Control Function Library (CFL) V1.0.0, SIMATIC Control Function Library (CFL) V2.0, SIMATIC Control Function Library (CFL) V3.0, SIMATIC Control Function Library (CFL) V4.0, SIMATIC eaSie Core Package (6DL5424-0AX00-0AV8), SIMATIC eaSie Document Skills, SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8), SIMATIC eaSie Workflow Skills, SIMATIC Energy Suite V17, SIMATIC Energy Suite V18, SIMATIC Energy Suite V19, SIMATIC Logon V2.0, SIMATIC Management Agent, SIMATIC Management Console, SIMATIC MTP CREATOR V4.x, SIMATIC MTP CREATOR V5.x, SIMATIC MTP Integrator V1.x, SIMATIC MTP Integrator V2.x, SIMATIC NET PC Software V16, SIMATIC NET PC Software V17, SIMATIC NET PC Software V18, SIMATIC NET PC Software V19, SIMATIC ODK 1500S, SIMATIC PCS 7 Advanced Process Faceplates V9.1, SIMATIC PCS 7 Advanced Process Functions V2.1, SIMATIC PCS 7 Advanced Process Functions V2.2, SIMATIC PCS 7 Advanced Process Graphics V9.1, SIMATIC PCS 7 Advanced Process Graphics V10.0, SIMATIC PCS 7 Advanced Process Library incl. Faceplates V10.0, SIMATIC PCS 7 Advanced Process Library V9.1, SIMATIC PCS 7 Basis Faceplates V9.1, SIMATIC PCS 7 Basis Library V9.1, SIMATIC PCS 7 Basis Library V10.0, SIMATIC PCS 7 Industry Library V9.1, SIMATIC PCS 7 Industry Library V10.0, SIMATIC PCS 7 Logic Matrix V9.1, SIMATIC PCS 7 Logic Matrix V10.0, SIMATIC PCS 7 MPC Configurator, SIMATIC PCS 7 PowerControl, SIMATIC PCS 7 Standard Chemical Library V9.1, SIMATIC PCS 7 Standard Chemical Library V10.0, SIMATIC PCS 7 TeleControl, SIMATIC PCS 7 V9.1, SIMATIC PCS 7 V10.0, SIMATIC PCS 7/OPEN OS V9.1, SIMATIC PDM Maintenance Station V5.0, SIMATIC PDM V9.2, SIMATIC PDM V9.3, SIMATIC Process Historian 2022, SIMATIC Process Historian 2024, SIMATIC ProSave V17, SIMATIC ProSave V20, SIMATIC Route Control V9.1, SIMATIC Route Control V10.0, SIMATIC S7 F Systems V6.4, SIMATIC S7-1500 Software Controller V2, SIMATIC S7-1500 Software Controller V3, SIMATIC S7-PCT, SIMATIC S7-PLCSIM V17, SIMATIC S7-PLCSIM V18, SIMATIC S7-PLCSIM V19, SIMATIC Safety Matrix, SIMATIC STEP 7 V5.7, SIMATIC Target, SIMATIC WinCC flexible ES, SIMATIC WinCC Runtime Advanced, SIMATIC WinCC Runtime Professional, SIMATIC WinCC Runtime Professional V20, SIMATIC WinCC TeleControl, SIMATIC WinCC Unified Line Coordination, SIMATIC WinCC Unified PC Runtime V18, SIMATIC WinCC Unified PC Runtime V19, SIMATIC WinCC Unified PC Runtime V20, SIMATIC WinCC Unified Sequence, SIMATIC WinCC V7.5, SIMATIC WinCC V8.0, SIMATIC WinCC Visualization Architect (SiVArc) V17, SIMATIC WinCC Visualization Architect (SiVArc) V18, SIMATIC WinCC Visualization Architect (SiVArc) V19, SIMATIC WinCC Visualization Architect (SiVArc) V20, SIMATIC D7-SYS, SIMIT Rapid Tester, SIMIT Simulation Platform, SINAMICS Startdrive V17, SINAMICS Startdrive V18, SINAMICS Startdrive V19, SINAMICS Startdrive V20, SINEMA Remote Connect Client, SITRANS, Standard PID CTRL Tool, TIA Portal Cloud Connector, TIA Portal Test Suite V17, TIA Portal Test Suite V18, TIA Portal Test Suite V19, TIA Portal Test Suite V20, TIA Project-Server, TIA Project-Server V17, WinCC Panel Image Setup: Currently no fix is available
  • SIMATIC ProSave V19: Update to V19 Update 4 or later version
  • SIMATIC S7-PLCSIM V20: Update to V20 Update 1 or later version
  • SIMATIC NET PC Software V20: Update to V20.0 Update 1 or later version
  • TIA Administrator: Update to V3.0.6 or later version
  • TeleControl Server Basic V3.1: Update to V3.1.2.2 or later version
  • SINEC NMS: Update to V4.0 or later version
  • SIMATIC S7-Fail-safe Configuration Tool (S7-FCT): Update to V4.0.1 or later version
  • SIMATIC PCS neo V6.0: Update to V6.0 SP1 or later version
  • Automation License Manager V6.2: Update to V6.2 Upd3 or later version
  • SIMATIC S7-PLCSIM Advanced: Update to V7.0 Update 1 or later version
  • SIMATIC WinCC V8.1: Update to V8.1 Update 3 or later version
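The DLL hijacking described in section 3.2.1 works because a setup executable searches its own directory for libraries before the system directories, so a DLL planted next to the installer (a shared Downloads folder is the classic case) can be loaded in place of the real one. The two workarounds above (restrict local access, install only from an empty directory) are operational rather than technical, so here is an added PowerShell pre-install check that is not part of this advisory or of any Siemens tooling. It flags loadable modules sitting beside the installer, verifies the installer's Authenticode signature, and, when the directory is not clean, stages a copy of the installer into a freshly created empty directory before it is run. The installer path is a placeholder; the only external commands used are standard PowerShell cmdlets.

```powershell
# Added example, not from the advisory: pre-install check for the
# "install only from an empty directory" mitigation against CWE-427.

function Test-InstallerDirectory {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $InstallerPath
    )
    $installer = Get-Item -LiteralPath $InstallerPath
    $dir = $installer.DirectoryName

    # The DLL search order for a setup executable starts with the directory
    # it was launched from, so any loadable module placed there is a risk.
    $strayModules = @(Get-ChildItem -LiteralPath $dir -File |
        Where-Object { $_.Extension -in '.dll', '.ocx', '.drv' })

    # Signature check: a tampered or unsigned installer is a separate problem
    # from the search-path issue, but the same pre-install gate should catch it.
    $sig = Get-AuthenticodeSignature -LiteralPath $installer.FullName

    [pscustomobject]@{
        Installer       = $installer.FullName
        Directory       = $dir
        StrayModules    = @($strayModules | Select-Object -ExpandProperty Name)
        SignatureStatus = $sig.Status
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SafeToRun       = ($strayModules.Count -eq 0) -and ($sig.Status -eq 'Valid')
    }
}

function Copy-InstallerToCleanDirectory {
    param([Parameter(Mandatory)] [string] $InstallerPath)
    # A uniquely named, newly created directory cannot already contain a DLL.
    $clean = Join-Path ([System.IO.Path]::GetTempPath()) ('setup-' + [guid]::NewGuid().ToString('N'))
    New-Item -ItemType Directory -Path $clean | Out-Null
    Copy-Item -LiteralPath $InstallerPath -Destination $clean
    Join-Path $clean (Split-Path -Leaf $InstallerPath)
}

# Usage with a placeholder path (constructed for this example).
$report = Test-InstallerDirectory -InstallerPath 'C:\Users\Public\Downloads\Setup.exe'
$report | Format-List

if (-not $report.SafeToRun) {
    Write-Warning 'Installer directory is not clean or the signature is not valid; staging a copy.'
    $staged = Copy-InstallerToCleanDirectory -InstallerPath $report.Installer
    # Re-check from the clean directory; StrayModules should now be empty.
    Test-InstallerDirectory -InstallerPath $staged | Format-List
}
```

Staging into a fresh directory removes the planted-DLL condition but does not change the signature result, so an installer that still reports a non-valid signature after staging should not be run at all. The check only covers the installer's own directory because that is the search-path element the advisory concerns; it does not audit the per-user or system PATH.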

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.

For more information see the associated Siemens security advisory SSA-282044 in HTML and CSAF.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

5. UPDATE HISTORY

  • August 14, 2025: Initial Republication of Siemens SSA-282044

This product is provided subject to this Notification and this Privacy & Use policy.

Vendor

  • Siemens