SQL Injection Vulnerability in TeleControl Server Basic by Siemens
CVE-2025-32871
8.7HIGH
Summary
A vulnerability exists in TeleControl Server Basic prior to version 3.1.2.2, which is susceptible to SQL injection via the 'MigrateDatabase' method. An authenticated remote attacker exploiting this issue could circumvent authorization mechanisms, allowing unauthorized access to read from and write to the application's database. Additionally, this vulnerability enables code execution with 'NT AUTHORITY\NetworkService' permissions. To successfully exploit this vulnerability, an attacker must access port 8000 on the system running the vulnerable application.
Affected Version(s)
TeleControl Server Basic 0
References
CVSS V4
Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published