Information Disclosure Vulnerability in TeleControl Server Basic V3.1
Priority: Act Now
CVSS score: 9.8
Advisory ID: SSA-062309
Date: Oct 14, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
TeleControl Server Basic V3.1 (versions 3.1.2.2 and earlier) contains an information disclosure vulnerability that allows an unauthenticated remote attacker to obtain user password hashes and gain authenticated access to the database service. This enables an attacker to log in and perform any authenticated operations, potentially viewing or modifying system configuration and operational data. The vulnerability is due to insufficient authentication controls on the database service.
What this means
What could happen
An unauthenticated attacker on the network could extract user password hashes and gain full database access, potentially allowing them to view or modify critical control system configuration and operational data without valid credentials.
Who's at risk
Water utilities, electric utilities, and other infrastructure operators running Siemens TeleControl Server Basic for remote monitoring and management of SCADA systems or distributed control network assets should prioritize this update.
How it could be exploited
An attacker with network access to the TeleControl Server Basic would send unauthenticated requests to the database service to retrieve password hashes and authentication tokens, then use those credentials to log in and execute authenticated database operations.
Prerequisites
- Network access to the TeleControl Server Basic service port
- Service must be running the vulnerable version (3.1.2.2 or earlier)
- No authentication credentials required
Key factors: remotely exploitable; no authentication required; low complexity; high CVSS score (9.8); affects control system credential database
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product                        | Affected Versions      | Fix Status
TeleControl Server Basic V3.1  | ≥ 3.1.2.2, < 3.1.2.3   | 3.1.2.3
Remediation & Mitigation
- Schedule — requires maintenance window
- Patching may require device reboot — plan for process interruption
- Hotfix: Update TeleControl Server Basic to version 3.1.2.3 or later
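As an added example, not part of the advisory or of Siemens' own tooling, the following script shows how a defender can triage an asset inventory against the fix version named above (3.1.2.3): it parses dotted version strings into comparable tuples, pads short strings such as "3.1" so they compare correctly, and flags every host reporting a build older than the fixed version. The hostnames and version strings in SAMPLE_INVENTORY are constructed sample data, and the function and variable names are this example's own.

```python
from typing import Dict, List, Tuple

# Fix version from the advisory: builds older than this need the hotfix.
FIXED_VERSION = "3.1.2.3"


def parse_version(version: str) -> Tuple[int, ...]:
    """Parse a dotted numeric version such as '3.1.2.2' into a tuple of ints.

    Strings shorter than four components are zero-padded so that '3.1'
    compares as '3.1.0.0'. Anything non-numeric is rejected rather than
    silently treated as 'not affected'.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version string: {version!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))


def is_affected(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """Return True when the installed build is older than the fixed build."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


# Constructed sample inventory (hostname -> version reported by the host).
SAMPLE_INVENTORY: Dict[str, str] = {
    "tcsb-site-a": "3.1.2.2",   # affected version named in the advisory
    "tcsb-site-b": "3.1.2.3",   # already on the fixed version
    "tcsb-site-c": "3.1.1.0",   # older build, still below the fix
    "tcsb-site-d": "3.1.2.10",  # hypothetical later build, not affected
}


def triage(inventory: Dict[str, str]) -> List[Tuple[str, str, bool]]:
    """Return (host, version, affected) rows with affected hosts listed first."""
    rows = [(host, ver, is_affected(ver)) for host, ver in inventory.items()]
    return sorted(rows, key=lambda row: (not row[2], row[0]))


if __name__ == "__main__":
    for host, ver, affected in triage(SAMPLE_INVENTORY):
        action = "UPDATE to 3.1.2.3 or later" if affected else "ok"
        print(f"{host:12} {ver:10} {action}")
```

The comparison is deliberately done on integer tuples rather than on strings, because a plain string comparison would rank "3.1.2.10" below "3.1.2.3" and hide an already-patched host behind a false positive.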
CVEs (1)