OTPulse

Siemens TeleControl Server Basic SQL

Act Now | CVSS 9.8 | ICS-CERT ICSA-25-112-01 | Apr 16, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

TeleControl Server Basic before V3.1.2.2 contains multiple SQL injection vulnerabilities in the web application that allow an attacker to read and write to the application database, cause denial of service, and execute OS commands with NT AUTHORITY\NetworkService privileges. Root-cause analysis identified legacy design patterns in the codebase that created these vulnerabilities across multiple locations. Version 3.1.2.2 addresses all identified SQL injection occurrences.

What this means
What could happen
An attacker could exploit SQL injection flaws to read or modify the TeleControl Server database, disrupt monitoring and control operations, or execute arbitrary commands on the server with limited network service account privileges.
Who's at risk
Water utilities, electric utilities, and other critical infrastructure operators using Siemens TeleControl Server Basic for SCADA monitoring and remote telemetry functions. This impacts supervisory control and monitoring of field devices and substations.
How it could be exploited
An attacker on the network sends malicious SQL commands through the web interface on port 8000 to bypass input validation, gaining unauthorized access to the database or executing OS commands. No authentication is required.
Prerequisites
  • Network access to port 8000 on the TeleControl Server
  • No authentication required
remotely exploitable, no authentication required, low complexity, high CVSS score (9.8), affects monitoring and control systems
Exploitability
Low exploit probability (EPSS 0.9%)
Affected products (1)
Product | Affected Versions | Fix Status
TeleControl Server Basic | < V3.1.2.2 | 3.1.2.2
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to port 8000 to only trusted IP addresses using firewall rules
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update TeleControl Server Basic to version 3.1.2.2 or later
Long-term hardening
HARDENING: Place TeleControl Server systems behind a firewall and isolate from business networks
HARDENING: Use VPN for any required remote access to TeleControl Server
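
One way to apply the "Do now" workaround on the server itself, as an added example that is not part of the advisory or Siemens guidance. It assumes the host firewall is Windows Defender Firewall; the trusted addresses are placeholders. Adding a new, narrower allow rule does not restrict anything while a broader allow rule for the port still exists, so the script audits and narrows the existing rules.

```powershell
# Added example: audit and scope inbound access to TCP 8000 on the TeleControl host.
# Placeholder addresses (documentation range); replace with your trusted stations.
$Port    = '8000'
$Trusted = @('192.0.2.10', '192.0.2.11')

# 0. A scoped allow rule only restricts access if the profile is enabled
#    and its default inbound action blocks unmatched traffic.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction

# 1. Enabled inbound allow rules whose port filter covers TCP 8000.
#    Port ranges such as '7990-8010' are not expanded; review those by hand.
$rules = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains $Port -or $_.LocalPort -contains 'Any' } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }

# 2. Report the current remote-address scope of each matching rule.
$report = foreach ($r in $rules) {
    $addr = $r | Get-NetFirewallAddressFilter
    $pf   = $r | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Name          = $r.DisplayName
        LocalPort     = $pf.LocalPort -join ','
        RemoteAddress = $addr.RemoteAddress -join ','
        Unscoped      = $addr.RemoteAddress -contains 'Any'
    }
}
$report | Format-Table -AutoSize

# 3. Narrow only rules that name port 8000 explicitly and accept any source.
#    Rules with LocalPort 'Any' are reported above but left alone, because
#    changing them would affect other services.
#    -WhatIf makes this a dry run; remove it after reviewing the report.
$rules | Where-Object {
        ($_ | Get-NetFirewallPortFilter).LocalPort -contains $Port -and
        ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any'
    } | Set-NetFirewallRule -RemoteAddress $Trusted -WhatIf
```

If step 1 returns no rules but the port is still reachable, check the profile output from step 0 and any upstream network firewall.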
CVEs (67)