Siemens Automation License Manager V6.0 uncontrolled search path
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.8 | $5k-$25k | 0.00 |
Summary
A vulnerability, which was classified as problematic, was found in Siemens Automation License Manager V6.0, Automation License Manager V6.2, CEMAT V10.0, CP PtP Param configuring interface, Create MyConfig, Energy Support Library, FM Configuration Package, Modular PID CTRL Tool, MultiFieldbus Configuration Tool , OpenPCS 7 V10.0, OpenPCS 7 V9.1, Network Planner, SIMATIC Automation Tool, SIMATIC Automation Tool SDK Windows, SIMATIC BATCH V10.0, SIMATIC BATCH V9.1, SIMATIC Control Function Library V1.0.0, SIMATIC Control Function Library V2.0, SIMATIC Control Function Library V3.0, SIMATIC Control Function Library V4.0, SIMATIC D7-SYS, SIMATIC eaSie Core Package, SIMATIC eaSie Document Skills, SIMATIC eaSie PCS 7 Skill Package, SIMATIC eaSie Workflow Skills, SIMATIC Energy Suite V17, SIMATIC Energy Suite V18, SIMATIC Energy Suite V19, SIMATIC Logon V1.6, SIMATIC Logon V2.0, SIMATIC Management Agent, SIMATIC Management Console, SIMATIC MTP CREATOR V2.x, SIMATIC MTP CREATOR V3.x, SIMATIC MTP CREATOR V4.x, SIMATIC MTP CREATOR V5.x, SIMATIC MTP Integrator V1.x, SIMATIC MTP Integrator V2.x, SIMATIC NET PC Software V16, SIMATIC NET PC Software V17, SIMATIC NET PC Software V18, SIMATIC NET PC Software V19, SIMATIC NET PC Software V20, SIMATIC ODK 1500S, SIMATIC PCS 7 Advanced Process Faceplates V9.1, SIMATIC PCS 7 Advanced Process Functions V2.1, SIMATIC PCS 7 Advanced Process Functions V2.2, SIMATIC PCS 7 Advanced Process Graphics V10.0, SIMATIC PCS 7 Advanced Process Graphics V9.1, SIMATIC PCS 7 Advanced Process Library incl. Faceplates V10.0, SIMATIC PCS 7 Advanced Process Library V9.1, SIMATIC PCS 7 Basis Faceplates V9.1, SIMATIC PCS 7 Basis Library V10.0, SIMATIC PCS 7 Basis Library V9.1, SIMATIC PCS 7 Industry Library V10.0, SIMATIC PCS 7 Industry Library V9.0, SIMATIC PCS 7 Industry Library V9.1, SIMATIC PCS 7 Logic Matrix V10.0, SIMATIC PCS 7 Logic Matrix V9.1, SIMATIC PCS 7 MPC Configurator, SIMATIC PCS 7 PowerControl, SIMATIC PCS 7 Standard Chemical Library V10.0, SIMATIC PCS 7 Standard Chemical Library V9.1, SIMATIC PCS 7 TeleControl, SIMATIC PCS 7 V10.0, SIMATIC PCS 7 V9.1, SIMATIC PCS 7, OPEN OS V9.1, SIMATIC PCS neo V5.0, SIMATIC PCS neo V6.0, SIMATIC PDM Maintenance Station V5.0, SIMATIC PDM V9.2, SIMATIC PDM V9.3, SIMATIC Process Function Library V4.0, SIMATIC Process Historian 2020, SIMATIC Process Historian 2022, SIMATIC Process Historian 2024, SIMATIC ProSave V17, SIMATIC ProSave V18, SIMATIC ProSave V19, SIMATIC ProSave V20, SIMATIC Route Control V10.0, SIMATIC Route Control V9.1, SIMATIC S7 F Systems V6.3, SIMATIC S7 F Systems V6.4, SIMATIC S7-1500 Software Controller V2 and SIMATIC S7-1500 Software C. Affected is an unknown function. Such manipulation leads to uncontrolled search path. This vulnerability is listed as CVE-2025-30033. The attack must be carried out locally. There is no available exploit.
Details
A vulnerability, which was classified as critical, has been found in Siemens Automation License Manager V6.0, Automation License Manager V6.2, CEMAT V10.0, CP PtP Param configuring interface, Create MyConfig, Energy Support Library, FM Configuration Package, Modular PID CTRL Tool, MultiFieldbus Configuration Tool , OpenPCS 7 V10.0, OpenPCS 7 V9.1, Network Planner, SIMATIC Automation Tool, SIMATIC Automation Tool SDK Windows, SIMATIC BATCH V10.0, SIMATIC BATCH V9.1, SIMATIC Control Function Library V1.0.0, SIMATIC Control Function Library V2.0, SIMATIC Control Function Library V3.0, SIMATIC Control Function Library V4.0, SIMATIC D7-SYS, SIMATIC eaSie Core Package, SIMATIC eaSie Document Skills, SIMATIC eaSie PCS 7 Skill Package, SIMATIC eaSie Workflow Skills, SIMATIC Energy Suite V17, SIMATIC Energy Suite V18, SIMATIC Energy Suite V19, SIMATIC Logon V1.6, SIMATIC Logon V2.0, SIMATIC Management Agent, SIMATIC Management Console, SIMATIC MTP CREATOR V2.x, SIMATIC MTP CREATOR V3.x, SIMATIC MTP CREATOR V4.x, SIMATIC MTP CREATOR V5.x, SIMATIC MTP Integrator V1.x, SIMATIC MTP Integrator V2.x, SIMATIC NET PC Software V16, SIMATIC NET PC Software V17, SIMATIC NET PC Software V18, SIMATIC NET PC Software V19, SIMATIC NET PC Software V20, SIMATIC ODK 1500S, SIMATIC PCS 7 Advanced Process Faceplates V9.1, SIMATIC PCS 7 Advanced Process Functions V2.1, SIMATIC PCS 7 Advanced Process Functions V2.2, SIMATIC PCS 7 Advanced Process Graphics V10.0, SIMATIC PCS 7 Advanced Process Graphics V9.1, SIMATIC PCS 7 Advanced Process Library incl. Faceplates V10.0, SIMATIC PCS 7 Advanced Process Library V9.1, SIMATIC PCS 7 Basis Faceplates V9.1, SIMATIC PCS 7 Basis Library V10.0, SIMATIC PCS 7 Basis Library V9.1, SIMATIC PCS 7 Industry Library V10.0, SIMATIC PCS 7 Industry Library V9.0, SIMATIC PCS 7 Industry Library V9.1, SIMATIC PCS 7 Logic Matrix V10.0, SIMATIC PCS 7 Logic Matrix V9.1, SIMATIC PCS 7 MPC Configurator, SIMATIC PCS 7 PowerControl, SIMATIC PCS 7 Standard Chemical Library V10.0, SIMATIC PCS 7 Standard Chemical Library V9.1, SIMATIC PCS 7 TeleControl, SIMATIC PCS 7 V10.0, SIMATIC PCS 7 V9.1, SIMATIC PCS 7, OPEN OS V9.1, SIMATIC PCS neo V5.0, SIMATIC PCS neo V6.0, SIMATIC PDM Maintenance Station V5.0, SIMATIC PDM V9.2, SIMATIC PDM V9.3, SIMATIC Process Function Library V4.0, SIMATIC Process Historian 2020, SIMATIC Process Historian 2022, SIMATIC Process Historian 2024, SIMATIC ProSave V17, SIMATIC ProSave V18, SIMATIC ProSave V19, SIMATIC ProSave V20, SIMATIC Route Control V10.0, SIMATIC Route Control V9.1, SIMATIC S7 F Systems V6.3, SIMATIC S7 F Systems V6.4, SIMATIC S7-1500 Software Controller V2 and SIMATIC S7-1500 Software C. Affected by this issue is some unknown functionality. The manipulation with an unknown input leads to a uncontrolled search path vulnerability. Using CWE to declare the problem leads to CWE-427. The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. Impacted is confidentiality, integrity, and availability. CVE summarizes:
The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup component.
The advisory is available at cert-portal.siemens.com. This vulnerability is handled as CVE-2025-30033 since 03/14/2025. The exploitation is known to be easy. Local access is required to approach this attack. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $5k-$25k at the moment (estimation calculated on 08/12/2025). This vulnerability is assigned to T1574 by the MITRE ATT&CK project.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Product
Type
Vendor
Name
- Automation License Manager V6.0
- Automation License Manager V6.2
- CEMAT V10.0
- CP PtP Param configuring interface
- Create MyConfig
- Energy Support Library
- FM Configuration Package
- Modular PID CTRL Tool
- MultiFieldbus Configuration Tool
- Network Planner
- OPEN OS V9.1
- OpenPCS 7 V9.1
- OpenPCS 7 V10.0
- SIMATIC Automation Tool
- SIMATIC Automation Tool SDK Windows
- SIMATIC BATCH V9.1
- SIMATIC BATCH V10.0
- SIMATIC Control Function Library V1.0.0
- SIMATIC Control Function Library V2.0
- SIMATIC Control Function Library V3.0
- SIMATIC Control Function Library V4.0
- SIMATIC eaSie Core Package
- SIMATIC eaSie Document Skills
- SIMATIC eaSie PCS 7 Skill Package
- SIMATIC eaSie Workflow Skills
- SIMATIC Energy Suite V17
- SIMATIC Energy Suite V18
- SIMATIC Energy Suite V19
- SIMATIC Logon V1.6
- SIMATIC Logon V2.0
- SIMATIC Management Agent
- SIMATIC Management Console
- SIMATIC MTP CREATOR V3.x
- SIMATIC MTP CREATOR V4.x
- SIMATIC MTP CREATOR V2.x
- SIMATIC MTP CREATOR V5.x
- SIMATIC MTP Integrator V1.x
- SIMATIC MTP Integrator V2.x
- SIMATIC NET PC Software V16
- SIMATIC NET PC Software V17
- SIMATIC NET PC Software V18
- SIMATIC NET PC Software V19
- SIMATIC NET PC Software V20
- SIMATIC ODK 1500S
- SIMATIC PCS 7
- SIMATIC PCS 7 Advanced Process Faceplates V9.1
- SIMATIC PCS 7 Advanced Process Functions V2.1
- SIMATIC PCS 7 Advanced Process Functions V2.2
- SIMATIC PCS 7 Advanced Process Graphics V9.1
- SIMATIC PCS 7 Advanced Process Graphics V10.0
- SIMATIC PCS 7 Advanced Process Library incl. Faceplates V10.0
- SIMATIC PCS 7 Advanced Process Library V9.1
- SIMATIC PCS 7 Basis Faceplates V9.1
- SIMATIC PCS 7 Basis Library V9.1
- SIMATIC PCS 7 Basis Library V10.0
- SIMATIC PCS 7 Industry Library V9.0
- SIMATIC PCS 7 Industry Library V9.1
- SIMATIC PCS 7 Industry Library V10.0
- SIMATIC PCS 7 Logic Matrix V9.1
- SIMATIC PCS 7 Logic Matrix V10.0
- SIMATIC PCS 7 MPC Configurator
- SIMATIC PCS 7 PowerControl
- SIMATIC PCS 7 Standard Chemical Library V9.1
- SIMATIC PCS 7 Standard Chemical Library V10.0
- SIMATIC PCS 7 TeleControl
- SIMATIC PCS 7 V9.1
- SIMATIC PCS 7 V10.0
- SIMATIC PCS neo V5.0
- SIMATIC PCS neo V6.0
- SIMATIC PDM Maintenance Station V5.0
- SIMATIC PDM V9.2
- SIMATIC PDM V9.3
- SIMATIC Process Function Library V4.0
- SIMATIC Process Historian 2020
- SIMATIC Process Historian 2022
- SIMATIC Process Historian 2024
- SIMATIC ProSave V17
- SIMATIC ProSave V18
- SIMATIC ProSave V19
- SIMATIC ProSave V20
- SIMATIC Route Control V9.1
- SIMATIC Route Control V10.0
- SIMATIC S7 F Systems V6.3
- SIMATIC S7 F Systems V6.4
- SIMATIC S7-1500 Software C
- SIMATIC S7-1500 Software Controller V2
- SIMATIC D7-SYS
License
Website
- Vendor: https://www.siemens.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔒VulDB Reliability: 🔍
CNA CVSS-B Score: 🔒
CNA CVSS-BT Score: 🔒
CNA Vector: 🔒
CVSSv3
VulDB Meta Base Score: 7.8VulDB Meta Temp Score: 7.8
VulDB Base Score: 7.8
VulDB Temp Score: 7.8
VulDB Vector: 🔒
VulDB Reliability: 🔍
CNA Base Score: 7.8
CNA Vector (siemens): 🔒
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: Uncontrolled search pathCWE: CWE-427 / CWE-426
CAPEC: 🔒
ATT&CK: 🔒
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔒
Status: Not defined
EPSS Score: 🔒
EPSS Percentile: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔒
Timeline
03/14/2025 CVE reserved08/12/2025 Advisory disclosed
08/12/2025 VulDB entry created
08/12/2025 VulDB entry last update
Sources
Vendor: siemens.comAdvisory: ssa-282044
Status: Confirmed
CVE: CVE-2025-30033 (🔒)
GCVE (CVE): GCVE-0-2025-30033
GCVE (VulDB): GCVE-100-319538
Entry
Created: 08/12/2025 13:59Changes: 08/12/2025 13:59 (74)
Complete: 🔍
Cache ID: 216::103
If you want to get best quality of vulnerability data, you may have to visit VulDB.
No comments yet. Languages: en.
Please log in to comment.