SQL Injection Vulnerability in TeleControl Server Basic by Siemens
CVE-2025-32825

8.8HIGH

Key Information:

Vendor
Siemens
Status
TeleControl Server Basic
Vendor
CVE Published:
16 April 2025

Summary

An SQL injection vulnerability found in TeleControl Server Basic allows an authenticated remote attacker to exploit the 'GetProjects' method. This could enable unauthorized access to the application's database, allowing data reading and writing, as well as remote code execution under 'NT AUTHORITY\NetworkService' permissions. To successfully exploit this vulnerability, the attacker must have access to port 8000 on the affected system running a vulnerable version of TeleControl Server Basic.

References

https://cert-portal.siemens.com/productcert/html/ssa-4434...

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.
CVE-2025-32825 : SQL Injection Vulnerability in TeleControl Server Basic by Siemens | SecurityVulnerability.io