Siemens Telecontrol Server Basic vulnerabilities

77 known vulnerabilities affecting siemens/telecontrol_server_basic.

Total CVEs: 77
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 69, MEDIUM 3

Vulnerabilities

Page 1 of 4
CVE-2025-40942 | HIGH | CVSS 7.3 | fixed in V3.1.2.4 | 2026-01-13
CWE-250: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.4). Affected application contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges.
Sources: cvelistv5, nvd
CVE-2025-40765 | CRITICAL | CVSS 9.3 | v3.1.2.2 | 2025-10-14
CWE-306: A vulnerability has been identified in TeleControl Server Basic V3.1 (All versions >= V3.1.2.2 < V3.1.2.3). The affected application contains an information disclosure vulnerability. This could allow an unauthenticated remote attacker to obtain password hashes of users and to login to and perform authenticated operations of the database service.
Source: nvd
CVE-2025-29931 | MEDIUM | CVSS 6.3 | fixed in V3.1.2.2 | 2025-04-17
CWE-130: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected product does not properly validate a length field in a serialized message which it uses to determine the amount of memory to be allocated for deserialization. This could allow an unauthenticated remote attacker to cause the application to allocate
Sources: cvelistv5, nvd
CVE-2025-27540 | CRITICAL | CVSS 9.3 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'Authenticate' method. This could allow an unauthenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute c
Sources: cvelistv5, nvd
CVE-2025-27539 | CRITICAL | CVSS 9.3 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'VerifyUser' method. This could allow an unauthenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute cod
Sources: cvelistv5, nvd
CVE-2025-27495 | CRITICAL | CVSS 9.3 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateTrace' method. This could allow an unauthenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute co
Sources: cvelistv5, nvd
CVE-2025-32858 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateWebServerGatewaySettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database a
Sources: cvelistv5, nvd
CVE-2025-32852 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockDatabaseSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute
Sources: cvelistv5, nvd
CVE-2025-32828 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectCrossCommunications' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database
Sources: cvelistv5, nvd
CVE-2025-32837 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetActiveConnectionVariables' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and
Sources: cvelistv5, nvd
CVE-2025-32863 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockTraceLevelSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and exe
Sources: cvelistv5, nvd
CVE-2025-32857 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockBufferingSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and exec
Sources: cvelistv5, nvd
CVE-2025-32843 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockUser' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "
Sources: cvelistv5, nvd
CVE-2025-32851 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockTcmSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute co
Sources: cvelistv5, nvd
CVE-2025-32864 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code wit
Sources: cvelistv5, nvd
CVE-2025-32825 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetProjects' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code wit
Sources: cvelistv5, nvd
CVE-2025-32850 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockTcmSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code
Sources: cvelistv5, nvd
CVE-2025-32830 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code w
Sources: cvelistv5, nvd
CVE-2025-32846 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockGeneralSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute
Sources: cvelistv5, nvd
CVE-2025-32859 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockWebServerGatewaySettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and
Sources: cvelistv5, nvd