N/A

A vulnerability has been identified in TIA Project-Server (All versions < V2.1.1), TIA Project-Server V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 4), Totally Integrated Automation Portal (TIA Portal) V20 (All versions < V20 Update 3). The affected application improperly handles uploaded projects in the document root. This could allow an attacker with contributor privileges to cause denial of service by uploading a malicious project.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

危险类型文件的不加限制上传

Siemens多款产品 代码问题漏洞

Siemens TIA Project-Server等都是德国西门子（Siemens）公司的产品。Siemens TIA Project-Server是一款多人协作工具。Siemens TIA Project-Server V17是一款多人协作工具。Siemens Totally Integrated Automation Portal是一款工程组态平台。 Siemens多款产品存在代码问题漏洞，该漏洞源于应用程序不当处理文档根目录中上传的项目，可能导致具有贡献者权限的攻击者上传恶意项目导致拒绝服务。以下

N/A

N/A