CVE-2025-40765

CWE-306 — Missing Authentication3 documents3 sources

Severity

9.3CRITICAL

EPSS

0.1%

top 67.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Telecontrol Server Basic V3.1 Siemens Telecontrol Server Basic

Timeline

PublishedOct 14

Description

A vulnerability has been identified in TeleControl Server Basic V3.1 (All versions >= V3.1.2.2 < V3.1.2.3). The affected application contains an information disclosure vulnerability. This could allow an unauthenticated remote attacker to obtain password hashes of users and to login to and perform authenticated operations of the database service.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5siemens/telecontrol_server_basic_v3.1V3.1.2.2 — V3.1.2.3

▶NVDsiemens/telecontrol3.1.2.2

🔴Vulnerability Details

GHSA

GHSA-qp9r-4cqh-77h3: A vulnerability has been identified in TeleControl Server Basic V3↗2025-10-14

▶

CVEList

CVE-2025-40765: A vulnerability has been identified in TeleControl Server Basic V3↗2025-10-14

▶