Siemens Telecontrol Server Basic V3.1 vulnerabilities

CVE-2025-40765 [CRITICAL] CWE-306 CVE-2025-40765: A vulnerability has been identified in TeleControl Server Basic V3.1 (All versions >= V3.1.2.2 < V3. A vulnerability has been identified in TeleControl Server Basic V3.1 (All versions >= V3.1.2.2 < V3.1.2.3). The affected application contains an information disclosure vulnerability. This could allow an unauthenticated remote attacker to obtain password hashes of users and to login to and perform authenticated operations of the database service.

CVE-2025-30033 [HIGH] CWE-427 CVE-2025-30033: The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup component.