Siemens Telecontrol Server Basic vulnerabilities

77 known vulnerabilities affecting siemens/telecontrol_server_basic.

Total CVEs: 77
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 69, MEDIUM 3

Vulnerabilities

Page 2 of 4
CVE-2025-32860 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockWebServerGatewaySettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database a
Sources: cvelistv5, nvd
CVE-2025-31349 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateSmtpSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute c
Sources: cvelistv5, nvd
CVE-2025-31351 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code w
Sources: cvelistv5, nvd
CVE-2025-32855 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockOpcSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute co
Sources: cvelistv5, nvd
CVE-2025-32842 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetUsers' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "
Sources: cvelistv5, nvd
CVE-2025-32865 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateLog' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with
Sources: cvelistv5, nvd
CVE-2025-32847 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockGeneralSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execut
Sources: cvelistv5, nvd
CVE-2025-32839 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetGateways' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code wit
Sources: cvelistv5, nvd
CVE-2025-31350 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateBufferingSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and exec
Sources: cvelistv5, nvd
CVE-2025-32838 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ImportConnectionVariables' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and ex
Sources: cvelistv5, nvd
CVE-2025-32824 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code w
Sources: cvelistv5, nvd
CVE-2025-32870 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetTraces' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with
Sources: cvelistv5, nvd
CVE-2025-32844 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockUser' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with
Sources: cvelistv5, nvd
CVE-2025-32849 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockSmtpSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute c
Sources: cvelistv5, nvd
CVE-2025-30002 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateConnectionVariables' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and ex
Sources: cvelistv5, nvd
CVE-2025-32848 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockSmtpSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute cod
Sources: cvelistv5, nvd
CVE-2025-30003 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectConnections' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and exe
Sources: cvelistv5, nvd
CVE-2025-32831 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectUserRights' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and exec
Sources: cvelistv5, nvd
CVE-2025-32868 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ExportCertificate' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute co
Sources: cvelistv5, nvd
CVE-2025-32829 | HIGH | CVSS 8.7 | fixed in V3.1.2.2 | 2025-04-16
CWE-89: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockProjectCrossCommunications' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database a
Sources: cvelistv5, nvd