CVE-2025-40942

CWE-2505 documents5 sources

Severity

7.3HIGH

EPSS

0.0%

top 99.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Telecontrol Server Basic

Timeline

PublishedJan 13

Description

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.4). Affected application contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Packages2 packages

▶CVEListV5siemens/telecontrol_server_basic< V3.1.2.4

▶NVDsiemens/telecontrol< 3.1.2.4

🔴Vulnerability Details

CVEList

CVE-2025-40942: A vulnerability has been identified in TeleControl Server Basic (All versions < V3↗2026-01-13

▶

GHSA

GHSA-c835-vvh2-8x99: A vulnerability has been identified in TeleControl Server Basic (All versions < V3↗2026-01-13

▶

🕵️Threat Intelligence

Wiz

CVE-2025-40942 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶