本页列出影响 siemens telecontrol_server_basic 的已公开 CVE 漏洞(通过 NVD CPE 关联)。每行包含严重程度评分、摘要与发布日期,便于识别与分析安全问题。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2025-40942 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.4). Affected application contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges. | [email protected] | 7.3 | 0.14% | 2026-01-13 | 2026-06-17 |
| CVE-2025-40765 | A vulnerability has been identified in TeleControl Server Basic V3.1 (All versions >= V3.1.2.2 < V3.1.2.3). The affected application contains an information disclosure vulnerability. This could allow an unauthenticated remote attacker to obtain password hashes of users and to login to and perform authenticated operations of the database service. | [email protected] | 9.3 | 0.51% | 2025-10-14 | 2026-06-17 |
| CVE-2025-29931 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected product does not properly validate a length field in a serialized message which it uses to determine the amount of memory to be allocated for deserialization. This could allow an unauthenticated remote attacker to cause the application to allocate exhaustive amounts of memory and subsequently create a partial denial of service condition. Successful exploitation is only possible in redundant T | [email protected] | 6.3 | 0.36% | 2025-04-17 | 2026-06-17 |
| CVE-2025-32872 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetOverview' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerab | [email protected] | 8.7 | 0.53% | 2025-04-16 | 2026-06-17 |
| CVE-2025-32871 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'MigrateDatabase' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vuln | [email protected] | 8.7 | 0.53% | 2025-04-16 | 2026-06-17 |
| CVE-2025-32870 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetTraces' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable | [email protected] | 8.7 | 0.60% | 2025-04-16 | 2026-06-17 |
| CVE-2025-32869 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ImportCertificate' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vu | [email protected] | 8.7 | 0.34% | 2025-04-16 | 2026-06-17 |
| CVE-2025-32868 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ExportCertificate' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vu | [email protected] | 8.7 | 0.34% | 2025-04-16 | 2026-06-17 |
| CVE-2025-32867 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateBackup' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnera | [email protected] | 8.7 | 0.53% | 2025-04-16 | 2026-06-17 |
| CVE-2025-32866 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetLogs' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable v | [email protected] | 8.7 | 0.53% | 2025-04-16 | 2026-06-17 |
| CVE-2025-32865 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateLog' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable | [email protected] | 8.7 | 0.53% | 2025-04-16 | 2026-06-17 |
| CVE-2025-32864 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerab | [email protected] | 8.7 | 0.53% | 2025-04-16 | 2026-06-17 |
| CVE-2025-32863 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockTraceLevelSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system whe | [email protected] | 8.7 | 0.49% | 2025-04-16 | 2026-06-17 |
| CVE-2025-32862 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockTraceLevelSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where | [email protected] | 8.7 | 0.49% | 2025-04-16 | 2026-06-17 |
| CVE-2025-32861 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateTraceLevelSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system whe | [email protected] | 8.7 | 0.49% | 2025-04-16 | 2026-06-17 |
| CVE-2025-32860 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockWebServerGatewaySettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a syst | [email protected] | 8.7 | 0.49% | 2025-04-16 | 2026-06-17 |
| CVE-2025-32859 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockWebServerGatewaySettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system | [email protected] | 8.7 | 0.49% | 2025-04-16 | 2026-06-17 |
| CVE-2025-32858 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateWebServerGatewaySettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a syst | [email protected] | 8.7 | 0.49% | 2025-04-16 | 2026-06-17 |
| CVE-2025-32857 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockBufferingSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system wher | [email protected] | 8.7 | 0.49% | 2025-04-16 | 2026-06-17 |
| CVE-2025-32856 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockBufferingSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where | [email protected] | 8.7 | 0.49% | 2025-04-16 | 2026-06-17 |