PT-2025-28391 · Siemens · Tia Project-Server+1

Published: 2025-07-08 · Updated: 2025-07-10 · CVE-2025-27127

CVSS v3.1: 4.3 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions:
- TIA Project-Server versions prior to V2.1.1
- TIA Project-Server V17 versions
- Totally Integrated Automation Portal (TIA Portal) V17 versions
- Totally Integrated Automation Portal (TIA Portal) V18 versions
- Totally Integrated Automation Portal (TIA Portal) V19 versions
- Totally Integrated Automation Portal (TIA Portal) V20 versions prior to V20 Update 3
Description: The affected application improperly handles uploaded projects in the document root. This could allow an attacker with contributor privileges to cause denial of service by uploading a malicious project.
Recommendations:
- For TIA Project-Server versions prior to V2.1.1, update to version V2.1.1 or later.
- For TIA Project-Server V17, consider disabling project upload functionality until a patch is available.
- For Totally Integrated Automation Portal (TIA Portal) V17, restrict access to project upload features to minimize the risk of exploitation.
- For Totally Integrated Automation Portal (TIA Portal) V18, avoid uploading projects from untrusted sources until the issue is resolved.
- For Totally Integrated Automation Portal (TIA Portal) V19, apply configuration changes to limit the impact of a potential denial of service.
- For Totally Integrated Automation Portal (TIA Portal) V20 versions prior to V20 Update 3, update to V20 Update 3 or later.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BDU:2026-00188
CVE-2025-27127

Affected Products

Tia Portal
Tia Project-Server