Local Privilege Escalation Vulnerability in TeleControl Server Basic Before V3.1.2.4
Plan Patch | CVSS 8.8 | SSA-192617 | Jan 13, 2026
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
TeleControl Server Basic before V3.1.2.4 contains a local privilege escalation vulnerability (CWE-250) that allows a user with local access to run arbitrary code with elevated system privileges. The vulnerability has a CVSS score of 8.8 with high impact to confidentiality, integrity, and availability.
What this means
What could happen
An attacker with a local user account on the TeleControl Server could elevate privileges to run arbitrary code, potentially gaining control of the server and any connected systems it manages.
Who's at risk
Any organization using Siemens TeleControl Server Basic to manage remote telecontrol and SCADA infrastructure should apply this update. This affects power utilities, water authorities, and other critical infrastructure operators who rely on TeleControl Server for remote device management and monitoring.
How it could be exploited
An attacker with valid local credentials on a TeleControl Server can exploit the privilege escalation vulnerability to run commands with elevated system privileges, gaining the ability to modify system configuration, access sensitive data, or control connected field devices.
Prerequisites
- Valid local user account on the TeleControl Server
- Local access to the system or remote access via terminal service/RDP
- TeleControl Server Basic version prior to 3.1.2.4
Privilege escalation to system level | Requires local credentials | Low complexity attack | High CVSS score (8.8)
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product: TeleControl Server Basic
Affected Versions: < 3.1.2.4
Fix Status: 3.1.2.4
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update TeleControl Server Basic to version 3.1.2.4 or later
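To confirm whether a host still needs the update, the following PowerShell check compares the installed version against 3.1.2.4. It is an added example, not part of the advisory or Siemens tooling. It assumes the product registers under the standard Windows Uninstall registry keys with a DisplayName containing "TeleControl Server Basic" and a dotted numeric DisplayVersion; the function names are hypothetical.

```powershell
# Added example: flag TeleControl Server Basic installs older than the fixed release.
# Assumptions (not from the advisory): the product appears under the standard
# Uninstall keys with the display name below and a dotted numeric DisplayVersion.
$FixedVersion = [version]'3.1.2.4'
$NamePattern  = '*TeleControl Server Basic*'   # assumed display name
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function ConvertTo-ComparableVersion {
    param([string]$Text)
    # Accept "V3.1.2.4" or "3.1.2"; pad to four fields so 3.1.2 compares as 3.1.2.0.
    $clean = $Text.Trim().TrimStart('V', 'v')
    if ($clean -notmatch '^\d+(\.\d+){0,3}$') { return $null }
    $parts = @($clean.Split('.')) + @('0', '0', '0')
    return [version]($parts[0..3] -join '.')
}

function Get-TcsbPatchStatus {
    $entries = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.PSObject.Properties['DisplayName'] -and $_.DisplayName -like $NamePattern }
    foreach ($e in $entries) {
        $installed = ConvertTo-ComparableVersion $e.DisplayVersion
        $status = if ($null -eq $installed) {
            'Unknown version format, check manually'
        } elseif ($installed -lt $FixedVersion) {
            'VULNERABLE: update to 3.1.2.4 or later'
        } else { 'Fixed' }
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Product  = $e.DisplayName
            Version  = $e.DisplayVersion
            Status   = $status
        }
    }
}

$result = @(Get-TcsbPatchStatus)
if ($result.Count -eq 0) { Write-Output 'No matching product entry found on this host.' }
else { $result | Format-Table -AutoSize }
```

Versions are compared as `[version]` objects rather than strings, so a release such as 3.1.2.10 is correctly treated as newer than 3.1.2.4.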
CVEs (1)
API:
/api/v1/advisories/729ef0f9-bca4-4bbf-ac64-ea220792babd