Telecontrol Server Basic

telecontrol_server_basic

Vendor: Siemens • 77 CVEs

CVEs (77)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-32855 1Siemens 1Telecontrol Server Basic Aug 19, 2025 Apr 16, 2025 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockOpcSettings' method. This could allow...Show more A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockOpcSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32854 1Siemens 1Telecontrol Server Basic Aug 19, 2025 Apr 16, 2025 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockOpcSettings' method. This could allow an...Show more A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockOpcSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32853 1Siemens 1Telecontrol Server Basic Aug 19, 2025 Apr 16, 2025 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockDatabaseSettings' method. This could a...Show more A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockDatabaseSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32852 1Siemens 1Telecontrol Server Basic Aug 19, 2025 Apr 16, 2025 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockDatabaseSettings' method. This could all...Show more A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockDatabaseSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32851 1Siemens 1Telecontrol Server Basic Aug 19, 2025 Apr 16, 2025 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockTcmSettings' method. This could allow...Show more A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockTcmSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32850 1Siemens 1Telecontrol Server Basic Aug 19, 2025 Apr 16, 2025 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockTcmSettings' method. This could allow an...Show more A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockTcmSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32849 1Siemens 1Telecontrol Server Basic Aug 19, 2025 Apr 16, 2025 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockSmtpSettings' method. This could allow...Show more A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockSmtpSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32848 1Siemens 1Telecontrol Server Basic Aug 19, 2025 Apr 16, 2025 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockSmtpSettings' method. This could allow a...Show more A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockSmtpSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32847 1Siemens 1Telecontrol Server Basic Aug 19, 2025 Apr 16, 2025 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockGeneralSettings' method. This could al...Show more A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockGeneralSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32846 1Siemens 1Telecontrol Server Basic Aug 19, 2025 Apr 16, 2025 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockGeneralSettings' method. This could allo...Show more A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockGeneralSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32845 1Siemens 1Telecontrol Server Basic Aug 19, 2025 Apr 16, 2025 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateGeneralSettings' method. This could al...Show more A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateGeneralSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32844 1Siemens 1Telecontrol Server Basic Aug 19, 2025 Apr 16, 2025 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockUser' method. This could allow an auth...Show more A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockUser' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32843 1Siemens 1Telecontrol Server Basic Aug 19, 2025 Apr 16, 2025 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockUser' method. This could allow an authen...Show more A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockUser' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32842 1Siemens 1Telecontrol Server Basic Aug 19, 2025 Apr 16, 2025 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetUsers' method. This could allow an authen...Show more A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetUsers' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32841 1Siemens 1Telecontrol Server Basic Aug 19, 2025 Apr 16, 2025 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockGateway' method. This could allow an a...Show more A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockGateway' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32840 1Siemens 1Telecontrol Server Basic Aug 19, 2025 Apr 16, 2025 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockGateway' method. This could allow an aut...Show more A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockGateway' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32839 1Siemens 1Telecontrol Server Basic Aug 19, 2025 Apr 16, 2025 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetGateways' method. This could allow an aut...Show more A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetGateways' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32838 1Siemens 1Telecontrol Server Basic Aug 19, 2025 Apr 16, 2025 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ImportConnectionVariables' method. This coul...Show more A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ImportConnectionVariables' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32837 1Siemens 1Telecontrol Server Basic Aug 19, 2025 Apr 16, 2025 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetActiveConnectionVariables' method. This c...Show more A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetActiveConnectionVariables' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32836 1Siemens 1Telecontrol Server Basic Aug 19, 2025 Apr 16, 2025 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetConnectionVariables' method. This could a...Show more A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetConnectionVariables' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less

Previous 123 4 Next