Siemens TeleControl Server Basic SQL
Plan Patch | CVSS 9.8 | ICS-CERT ICSA-25-112-01 | Apr 16, 2025
Siemens
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
TeleControl Server Basic before V3.1.2.2 contains multiple SQL injection vulnerabilities in the web application that allow unauthenticated remote attackers to read and write to the application's database, cause denial of service, and execute code in an OS shell with "NT AUTHORITY\NetworkService" permissions. Siemens has released version 3.1.2.2, which fixes all identified SQL injection occurrences.
What this means
What could happen
An attacker could inject SQL commands into TeleControl Server Basic to read sensitive configuration data, modify database records, or execute system commands with service-level privileges, potentially disrupting remote terminal unit (RTU) operations or allowing persistent unauthorized access.
Who's at risk
Water authorities and utilities operating Siemens TeleControl Server Basic for remote terminal unit (RTU) management and telemetry. Any organization using TeleControl Server Basic versions prior to 3.1.2.2 for SCADA gateway or data aggregation functions should prioritize this update.
How it could be exploited
An attacker with network access to port 8000 could send specially crafted SQL injection payloads through the application's web interface or API, allowing direct execution of arbitrary SQL commands against the backend database. This could escalate to OS command execution within the service context.
Prerequisites
- Network access to port 8000 on TeleControl Server Basic
- No authentication required
Remotely exploitable | No authentication required | Low complexity | High CVSS (9.8) | Affects system and data integrity
Exploitability
Unlikely to be exploited — EPSS score 1.0%
Affected products (1)
Product | Affected Versions | Fix Status
TeleControl Server Basic | <V3.1.2.2 | 3.1.2.2
Remediation & Mitigation
Do now
WORKAROUND: Restrict firewall rules to allow access to port 8000 only from trusted IP addresses (engineering stations, authorized operations centers)
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update TeleControl Server Basic to version 3.1.2.2 or later
Long-term hardening
HARDENING: Segment TeleControl Server Basic on a dedicated network or VLAN isolated from general business network traffic
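
The "Do now" workaround, sketched for the case where the restriction is applied on the server's own Windows Defender Firewall. This is an added example, not code from Siemens or the advisory; it assumes port 8000 is TCP and that the host firewall is the enforcement point, and the source addresses are constructed placeholders.

```powershell
# Added example: audit and scope inbound access to port 8000 on the server host.
# Assumptions: Windows Defender Firewall is in use and the service listens on TCP.
$Port           = 8000
$TrustedSources = @('192.0.2.10', '192.0.2.20')  # constructed placeholder addresses
$Apply          = $false                          # $false = dry run via -WhatIf

# True when a rule's LocalPort list names the port directly or inside a range.
function Test-PortListed([string[]]$Spec, [int]$Port) {
    foreach ($s in $Spec) {
        if ($s -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($s -eq "$Port") { return $true }
    }
    return $false
}

foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
    $ports = $rule | Get-NetFirewallPortFilter
    if ($ports.Protocol -notin 'TCP', 'Any') { continue }
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress

    if (Test-PortListed $ports.LocalPort $Port) {
        # Rule names the port: replace its source scope with the trusted list.
        '{0}: allows port {1} from {2}' -f $rule.DisplayName, $Port, ($remote -join ',')
        Set-NetFirewallRule -Name $rule.Name -RemoteAddress $TrustedSources -WhatIf:(-not $Apply)
    } elseif ($ports.LocalPort -contains 'Any' -and $remote -contains 'Any') {
        # Program- or service-wide rule: scoping it would affect other ports too,
        # so report it for manual review instead of changing it.
        '{0}: any-port rule open to any source, review manually' -f $rule.DisplayName
    }
}
```

Run it elevated and set `$Apply` to `$true` only after reviewing the dry-run output. Scoping the port-specific rule does not restrict access while a broader any-port rule still admits the same traffic, which is why those rules are reported separately.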
CVEs (67)
CVE-2025-27495, CVE-2025-27539, CVE-2025-27540, CVE-2025-29905, CVE-2025-30002, CVE-2025-30003, CVE-2025-30030, CVE-2025-30031, CVE-2025-30032, CVE-2025-31343, CVE-2025-31349, CVE-2025-31350, CVE-2025-31351, CVE-2025-31352, CVE-2025-31353, CVE-2025-32475, CVE-2025-32822, CVE-2025-32823, CVE-2025-32824, CVE-2025-32825, CVE-2025-32826, CVE-2025-32827, CVE-2025-32828, CVE-2025-32829, CVE-2025-32830, CVE-2025-32831, CVE-2025-32832, CVE-2025-32833, CVE-2025-32834, CVE-2025-32835, CVE-2025-32836, CVE-2025-32837, CVE-2025-32838, CVE-2025-32839, CVE-2025-32840, CVE-2025-32841, CVE-2025-32842, CVE-2025-32843, CVE-2025-32844, CVE-2025-32845, CVE-2025-32846, CVE-2025-32847, CVE-2025-32848, CVE-2025-32849, CVE-2025-32850, CVE-2025-32851, CVE-2025-32852, CVE-2025-32853, CVE-2025-32854, CVE-2025-32855, CVE-2025-32856, CVE-2025-32857, CVE-2025-32858, CVE-2025-32859, CVE-2025-32860, CVE-2025-32861, CVE-2025-32862, CVE-2025-32863, CVE-2025-32864, CVE-2025-32865, CVE-2025-32866, CVE-2025-32867, CVE-2025-32868, CVE-2025-32869, CVE-2025-32870, CVE-2025-32871, CVE-2025-32872