Siemens TeleControl Server Basic

Plan PatchCVSS 9.8ICS-CERT ICSA-25-289-09Oct 14, 2025

Siemens

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

TeleControl Server Basic V3.1 (versions 3.1.2.2 and earlier) contains an unauthenticated information disclosure vulnerability on port 8000 that allows remote attackers to retrieve password hashes of database users and subsequently authenticate to the database service using those credentials. Once authenticated, an attacker can perform any operation the compromised account is authorized for, including reading and modifying operational data and control settings. The vulnerability affects versions 3.1.2.2 and earlier; version 3.1.2.3 and later contain the fix.

What this means

What could happen

An unauthenticated attacker on your network can extract password hashes and gain legitimate database access to TeleControl Server Basic, potentially altering remote control commands, sensor readings, or operational settings without authentication.

Who's at risk

Water and electric utilities, treatment plants, and other critical infrastructure operators running Siemens TeleControl Server Basic for SCADA communications and remote facility management should assess exposure of this remote telemetry server.

How it could be exploited

An attacker with network access to port 8000 sends an unauthenticated request to the TeleControl Server Basic service, receives password hashes in the response, and uses those credentials to authenticate to the database service and perform authorized operations like modifying control logic or reading sensitive process data.

Prerequisites

Network access to port 8000 on the TeleControl Server Basic system
System running TeleControl Server Basic V3.1 version 3.1.2.2 or earlier
No credentials required for initial information disclosure

remotely exploitableno authentication requiredlow complexitypassword hash disclosuredatabase access without valid credentials

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (1)

ProductAffected VersionsFix Status

TeleControl Server Basic V3.1≥ 3.1.2.2, < 3.1.2.33.1.2.3

Remediation & Mitigation

0/3

Do now

0/2

WORKAROUNDRestrict network access to port 8000 to trusted IP addresses only using firewall rules

HARDENINGSegment TeleControl Server Basic from the internet and untrusted networks using firewall or air-gap controls

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate TeleControl Server Basic V3.1 to version 3.1.2.3 or later

CVEs (1)

CVE-2025-40765

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/ac7225fe-d2ae-4683-9f0b-2b5e9b7e55bb

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.