Multiple SQL Injection Vulnerabilities in TeleControl Server Basic before V3.1.2.2

Act Now9.8SSA-443402Apr 16, 2025

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

TeleControl Server Basic before V3.1.2.2 contains multiple SQL injection vulnerabilities in legacy code patterns. An unauthenticated attacker with network access can read and write to the application database, cause denial of service, and execute operating system commands with NT AUTHORITY\NetworkService privileges. The root cause has been identified and fixed in version 3.1.2.2.

What this means

What could happen

An attacker with network access could inject SQL commands into TeleControl Server Basic to read or modify the database, deny service to operators, or execute operating system commands with limited privileges. This could compromise remote terminal server operations, alarm handling, or process data integrity.

Who's at risk

Water utilities, electric utilities, and industrial facilities using Siemens TeleControl Server Basic for remote terminal management, SCADA data display, or alarm handling should prioritize this update. Any organization relying on TeleControl Server Basic to manage field device communications or store operational data is at risk.

How it could be exploited

An attacker sends malicious SQL commands through a network-accessible input field or API endpoint of TeleControl Server Basic. The application concatenates user input directly into SQL queries without sanitization, allowing the attacker to break out of the intended query and execute arbitrary SQL or OS commands through SQL features like xp_cmdshell.

Prerequisites

Network access to TeleControl Server Basic application port
No authentication required to reach vulnerable input
Application must be exposed to attacker's network

remotely exploitableno authentication requiredlow complexityhigh CVSS score (9.8)allows database read/writeallows OS command execution

Exploitability

Low exploit probability (EPSS 0.9%)

Affected products (1)

ProductAffected VersionsFix Status

TeleControl Server Basic< V3.1.2.23.1.2.2

Remediation & Mitigation

0/1

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate TeleControl Server Basic to version 3.1.2.2 or later

CVEs (67)

CVE-2025-27495 CVE-2025-27539 CVE-2025-27540 CVE-2025-29905 CVE-2025-30002 CVE-2025-30003 CVE-2025-30030 CVE-2025-30031 CVE-2025-30032 CVE-2025-31343 CVE-2025-31349 CVE-2025-31350 CVE-2025-31351 CVE-2025-31352 CVE-2025-31353 CVE-2025-32475 CVE-2025-32822 CVE-2025-32823 CVE-2025-32824 CVE-2025-32825 CVE-2025-32826 CVE-2025-32827 CVE-2025-32828 CVE-2025-32829 CVE-2025-32830 CVE-2025-32831 CVE-2025-32832 CVE-2025-32833 CVE-2025-32834 CVE-2025-32835 CVE-2025-32836 CVE-2025-32837 CVE-2025-32838 CVE-2025-32839 CVE-2025-32840 CVE-2025-32841 CVE-2025-32842 CVE-2025-32843 CVE-2025-32844 CVE-2025-32845 CVE-2025-32846 CVE-2025-32847 CVE-2025-32848 CVE-2025-32849 CVE-2025-32850 CVE-2025-32851 CVE-2025-32852 CVE-2025-32853 CVE-2025-32854 CVE-2025-32855 CVE-2025-32856 CVE-2025-32857 CVE-2025-32858 CVE-2025-32859 CVE-2025-32860 CVE-2025-32861 CVE-2025-32862 CVE-2025-32863 CVE-2025-32864 CVE-2025-32865 CVE-2025-32866 CVE-2025-32867 CVE-2025-32868 CVE-2025-32869 CVE-2025-32870 CVE-2025-32871 CVE-2025-32872

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/84df7efe-da00-41d4-82c7-c5da104c4ea8