OTPulse
FeedAboutContact

Siemens TeleControl Server Basic

Act Now9.8ICS-CERT ICSA-25-289-09Oct 14, 2025
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

TeleControl Server Basic V3.1 (versions 3.1.2.2 and earlier) contains an information disclosure vulnerability that allows an unauthenticated remote attacker to retrieve password hashes of users and obtain credentials to log in to the database service. Once authenticated, an attacker can perform database operations with the same permissions as legitimate users.

What this means
What could happen
An attacker can extract password hashes of TeleControl Server users and gain authenticated database access without credentials, potentially allowing them to modify remote control configurations, historical data, or disable monitoring and logging of the water/power distribution system.
Who's at risk
Water utilities and electric distribution operators who use Siemens TeleControl Server Basic V3.1 to manage remote telemetry stations, outstation controllers, or SCADA frontend systems. Any organization relying on this server for remote monitoring and control of substations, pumping stations, or distribution automation devices.
How it could be exploited
An attacker on the network sends an unauthenticated request to port 8000 on the TeleControl Server Basic to retrieve password hashes and gain database service credentials. With these credentials, they can log in and perform database operations with the same privileges as a legitimate user.
Prerequisites
  • Network access to port 8000 on the affected TeleControl Server
  • No authentication or credentials required to extract password hashes
Remotely exploitableNo authentication requiredLow complexity attackAffects database credentials for SCADA systemsNetwork-accessible critical infrastructure component
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
TeleControl Server Basic V3.1≥ 3.1.2.2, < 3.1.2.33.1.2.3
Remediation & Mitigation
0/3
Do now
0/1
WORKAROUNDRestrict network access to port 8000 to only trusted IP addresses using firewall rules
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate TeleControl Server Basic V3.1 to version 3.1.2.3 or later
Long-term hardening
0/1
HARDENINGPlace TeleControl Server on a segregated network segment isolated from business networks and the internet
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/ac7225fe-d2ae-4683-9f0b-2b5e9b7e55bb