SQL Injection Vulnerability in TeleControl Server Basic by Siemens
CVE-2025-30003

8.8HIGH

Key Information:

Vendor: Siemens
Status: TeleControl Server Basic
Vendor: CVE Published:; 16 April 2025

What is CVE-2025-30003?

A vulnerability exists in the TeleControl Server Basic application, affecting all versions prior to 3.1.2.2. This issue arises from improper handling of the 'UpdateProjectConnections' method, which is susceptible to SQL injection. An authenticated attacker could exploit this flaw to bypass authorization mechanisms, granting them unauthorized access to the database. This access could allow the attacker to not only read sensitive data but also write or execute commands with elevated privileges, specifically under the 'NT AUTHORITY\NetworkService' context. For successful exploitation, the attacker must have access to port 8000 on a system running a vulnerable version of the software.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://cert-portal.siemens.com/productcert/html/ssa-4434...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 16, 2025

JSON

Siemens

What is CVE-2025-30003?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.