← Back

Siemens

siemens

2,161 CVEs • 4,155 products

Products (4,155)

Click to collapse
Toggle
Teamcenter Visualization
teamcenter_visualization
188 CVEs
Jt2go
jt2go
166 CVEs
Tecnomatix Plant Simulation
tecnomatix_plant_simulation
85 CVEs
Telecontrol Server Basic
telecontrol_server_basic
77 CVEs
Simcenter Femap
simcenter_femap
77 CVEs
Sinema Remote Connect Server
sinema_remote_connect_server
71 CVEs
Sinec Infrastructure Network Services
sinec_infrastructure_network_services
68 CVEs
Scalance W1750d Firmware
scalance_w1750d_firmware
62 CVEs
Parasolid
parasolid
52 CVEs
Solid Edge
solid_edge
47 CVEs
Wincc
wincc
43 CVEs
Sinec Nms
sinec-nms
43 CVEs
Sinec Ins
sinec_ins
42 CVEs
Solid Edge Se2023
solid_edge_se2023
36 CVEs
Sppa T3000 Ms3000 Migration Server
sppa-t3000_ms3000_migration_server
35 CVEs
Jt Utilities
jt_utilities
32 CVEs
Comos
comos
31 CVEs
Simatic Wincc
simatic_wincc
30 CVEs
Jt Open Toolkit
jt_open_toolkit
29 CVEs
Scalance Lpe9403 Firmware
scalance_lpe9403_firmware
27 CVEs
Simatic Pcs 7
simatic_pcs_7
25 CVEs
Simatic Pcs7
simatic_pcs7
25 CVEs
Nucleus Net
nucleus_net
25 CVEs
Nucleus Source Code
nucleus_source_code
25 CVEs
Scalance S615 Firmware
scalance_s615_firmware
24 CVEs
Simatic Itp1000 Firmware
simatic_itp1000_firmware
24 CVEs
Simatic Ipc477e Firmware
simatic_ipc477e_firmware
24 CVEs
Simatic Ipc427e Firmware
simatic_ipc427e_firmware
24 CVEs
Simatic Pcs Neo
simatic_pcs_neo
24 CVEs
Ruggedcom Rox Mx5000 Firmware
ruggedcom_rox_mx5000_firmware
23 CVEs
Ruggedcom Rox Rx1400 Firmware
ruggedcom_rox_rx1400_firmware
23 CVEs
Ruggedcom Rox Rx1500 Firmware
ruggedcom_rox_rx1500_firmware
23 CVEs
Ruggedcom Rox Rx1501 Firmware
ruggedcom_rox_rx1501_firmware
23 CVEs
Ruggedcom Rox Rx1510 Firmware
ruggedcom_rox_rx1510_firmware
23 CVEs
Ruggedcom Rox Rx1511 Firmware
ruggedcom_rox_rx1511_firmware
23 CVEs
Ruggedcom Rox Rx1512 Firmware
ruggedcom_rox_rx1512_firmware
23 CVEs
Ruggedcom Rox Rx5000 Firmware
ruggedcom_rox_rx5000_firmware
23 CVEs
Simatic Field Pg M5 Firmware
simatic_field_pg_m5_firmware
22 CVEs
Nucleus Readystart V3
nucleus_readystart_v3
20 CVEs
Pads Viewer
pads_viewer
20 CVEs
Solid Edge Se2024
solid_edge_se2024
20 CVEs
Simatic Step 7
simatic_step_7
19 CVEs
Simatic Itc1500 Firmware
simatic_itc1500_firmware
19 CVEs
Simatic Itc1500 Pro Firmware
simatic_itc1500_pro_firmware
19 CVEs
Simatic Itc1900 Firmware
simatic_itc1900_firmware
19 CVEs
Simatic Itc1900 Pro Firmware
simatic_itc1900_pro_firmware
19 CVEs
Simatic Itc2200 Firmware
simatic_itc2200_firmware
19 CVEs
Simatic Itc2200 Pro Firmware
simatic_itc2200_pro_firmware
19 CVEs
Sppa T3000 Application Server
sppa-t3000_application_server
19 CVEs
Simatic Ipc627e Firmware
simatic_ipc627e_firmware
19 CVEs
Simatic Ipc647e Firmware
simatic_ipc647e_firmware
19 CVEs
Simatic Ipc847e Firmware
simatic_ipc847e_firmware
19 CVEs
Ruggedcom Rox Rx1524 Firmware
ruggedcom_rox_rx1524_firmware
19 CVEs
Ruggedcom Rox Rx1536 Firmware
ruggedcom_rox_rx1536_firmware
19 CVEs
Tecnomatix
tecnomatix
19 CVEs
Simatic Field Pg M6 Firmware
simatic_field_pg_m6_firmware
18 CVEs
Simatic Ipc677e Firmware
simatic_ipc677e_firmware
18 CVEs
Sinema Server
sinema_server
17 CVEs
Opcenter Quality
opcenter_quality
17 CVEs
Simatic S7 1200 Cpu 1211c Firmware
simatic_s7-1200_cpu_1211c_firmware
16 CVEs
Simatic S7 1200 Cpu 1212c Firmware
simatic_s7-1200_cpu_1212c_firmware
16 CVEs
Simatic S7 1200 Cpu 1214c Firmware
simatic_s7-1200_cpu_1214c_firmware
16 CVEs
Sipass Integrated
sipass_integrated
16 CVEs
Logo! 8 Bm Firmware
logo!_8_bm_firmware
16 CVEs
Apogee Pxc Modular Firmware
apogee_pxc_modular_firmware
16 CVEs
Talon Tc Compact Firmware
talon_tc_compact_firmware
16 CVEs
Tim 1531 Irc Firmware
tim_1531_irc_firmware
16 CVEs
Scalance Xf204 Firmware
scalance_xf204_firmware
16 CVEs
Scalance Xf204 2ba Irt Firmware
scalance_xf204-2ba_irt_firmware
16 CVEs
Ruggedcom Crossbow
ruggedcom_crossbow
16 CVEs
Simatic Cn 4100 Firmware
simatic_cn_4100_firmware
16 CVEs
Sinec Traffic Analyzer
sinec_traffic_analyzer
16 CVEs
Scalance X308 2m Firmware
scalance_x308-2m_firmware
15 CVEs
Simatic S7 1200 Cpu 1215c Firmware
simatic_s7-1200_cpu_1215c_firmware
15 CVEs
Simatic S7 1200 Cpu 1217c Firmware
simatic_s7-1200_cpu_1217c_firmware
15 CVEs
Talon Tc Modular Firmware
talon_tc_modular_firmware
15 CVEs
Simatic Hmi Ktp Mobile Panels Ktp400f Firmware
simatic_hmi_ktp_mobile_panels_ktp400f_firmware
15 CVEs
Simatic Hmi Ktp Mobile Panels Ktp700 Firmware
simatic_hmi_ktp_mobile_panels_ktp700_firmware
15 CVEs
Simatic Hmi Ktp Mobile Panels Ktp700f Firmware
simatic_hmi_ktp_mobile_panels_ktp700f_firmware
15 CVEs
Simatic Hmi Ktp Mobile Panels Ktp900 Firmware
simatic_hmi_ktp_mobile_panels_ktp900_firmware
15 CVEs
Simatic Hmi Ktp Mobile Panels Ktp900f Firmware
simatic_hmi_ktp_mobile_panels_ktp900f_firmware
15 CVEs
Apogee Modular Equiment Controller Firmware
apogee_modular_equiment_controller_firmware
15 CVEs
Apogee Modular Building Controller Firmware
apogee_modular_building_controller_firmware
15 CVEs
Solid Edge Se2021 Firmware
solid_edge_se2021_firmware
15 CVEs
Automation License Manager
automation_license_manager
14 CVEs
Simatic S7 1500 Cpu Firmware
simatic_s7-1500_cpu_firmware
14 CVEs
Simatic Wincc (tia Portal)
simatic_wincc_(tia_portal)
14 CVEs
Sinvr 3 Central Control Server
sinvr_3_central_control_server
14 CVEs
Sinvr 3 Video Server
sinvr_3_video_server
14 CVEs
Capital Vstar
capital_vstar
14 CVEs
Scalance X307 3 Firmware
scalance_x307-3_firmware
14 CVEs
Scalance X307 3ld Firmware
scalance_x307-3ld_firmware
14 CVEs
Scalance X308 2 Firmware
scalance_x308-2_firmware
14 CVEs
Scalance X308 2ld Firmware
scalance_x308-2ld_firmware
14 CVEs
Scalance X308 2lh Firmware
scalance_x308-2lh_firmware
14 CVEs
Scalance X308 2m Ts Firmware
scalance_x308-2m_ts_firmware
14 CVEs
Scalance X310 Firmware
scalance_x310_firmware
14 CVEs
Scalance X310fe Firmware
scalance_x310fe_firmware
14 CVEs
Scalance X320 1fe Firmware
scalance_x320-1fe_firmware
14 CVEs
Scalance Xr324 12m Firmware
scalance_xr324-12m_firmware
14 CVEs

CVEs (2,161)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-32871
1Siemens
1Telecontrol Server Basic
Aug 19, 2025
Apr 16, 2025
8.7 HIGH· v4
8.8 HIGH· v3
N/A· v2
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'MigrateDatabase' method. This could allow an...Show more
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'MigrateDatabase' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32870
1Siemens
1Telecontrol Server Basic
Aug 19, 2025
Apr 16, 2025
8.7 HIGH· v4
8.8 HIGH· v3
N/A· v2
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetTraces' method. This could allow an authe...Show more
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetTraces' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32869
1Siemens
1Telecontrol Server Basic
Aug 19, 2025
Apr 16, 2025
8.7 HIGH· v4
8.8 HIGH· v3
N/A· v2
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ImportCertificate' method. This could allow...Show more
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ImportCertificate' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32868
1Siemens
1Telecontrol Server Basic
Aug 19, 2025
Apr 16, 2025
8.7 HIGH· v4
8.8 HIGH· v3
N/A· v2
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ExportCertificate' method. This could allow...Show more
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ExportCertificate' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32867
1Siemens
1Telecontrol Server Basic
Aug 19, 2025
Apr 16, 2025
8.7 HIGH· v4
8.8 HIGH· v3
N/A· v2
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateBackup' method. This could allow an au...Show more
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateBackup' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32866
1Siemens
1Telecontrol Server Basic
Aug 19, 2025
Apr 16, 2025
8.7 HIGH· v4
8.8 HIGH· v3
N/A· v2
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetLogs' method. This could allow an authent...Show more
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetLogs' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32865
1Siemens
1Telecontrol Server Basic
Aug 19, 2025
Apr 16, 2025
8.7 HIGH· v4
8.8 HIGH· v3
N/A· v2
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateLog' method. This could allow an authe...Show more
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateLog' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32864
1Siemens
1Telecontrol Server Basic
Aug 19, 2025
Apr 16, 2025
8.7 HIGH· v4
8.8 HIGH· v3
N/A· v2
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetSettings' method. This could allow an aut...Show more
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32863
1Siemens
1Telecontrol Server Basic
Aug 19, 2025
Apr 16, 2025
8.7 HIGH· v4
8.8 HIGH· v3
N/A· v2
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockTraceLevelSettings' method. This could...Show more
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockTraceLevelSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32862
1Siemens
1Telecontrol Server Basic
Aug 19, 2025
Apr 16, 2025
8.7 HIGH· v4
8.8 HIGH· v3
N/A· v2
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockTraceLevelSettings' method. This could a...Show more
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockTraceLevelSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32861
1Siemens
1Telecontrol Server Basic
Aug 19, 2025
Apr 16, 2025
8.7 HIGH· v4
8.8 HIGH· v3
N/A· v2
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateTraceLevelSettings' method. This could...Show more
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateTraceLevelSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32860
1Siemens
1Telecontrol Server Basic
Aug 19, 2025
Apr 16, 2025
8.7 HIGH· v4
8.8 HIGH· v3
N/A· v2
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockWebServerGatewaySettings' method. This...Show more
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockWebServerGatewaySettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32859
1Siemens
1Telecontrol Server Basic
Aug 19, 2025
Apr 16, 2025
8.7 HIGH· v4
8.8 HIGH· v3
N/A· v2
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockWebServerGatewaySettings' method. This c...Show more
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockWebServerGatewaySettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32858
1Siemens
1Telecontrol Server Basic
Aug 19, 2025
Apr 16, 2025
8.7 HIGH· v4
8.8 HIGH· v3
N/A· v2
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateWebServerGatewaySettings' method. This...Show more
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateWebServerGatewaySettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32857
1Siemens
1Telecontrol Server Basic
Aug 19, 2025
Apr 16, 2025
8.7 HIGH· v4
8.8 HIGH· v3
N/A· v2
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockBufferingSettings' method. This could...Show more
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockBufferingSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32856
1Siemens
1Telecontrol Server Basic
Aug 19, 2025
Apr 16, 2025
8.7 HIGH· v4
8.8 HIGH· v3
N/A· v2
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockBufferingSettings' method. This could al...Show more
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockBufferingSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32855
1Siemens
1Telecontrol Server Basic
Aug 19, 2025
Apr 16, 2025
8.7 HIGH· v4
8.8 HIGH· v3
N/A· v2
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockOpcSettings' method. This could allow...Show more
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockOpcSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32854
1Siemens
1Telecontrol Server Basic
Aug 19, 2025
Apr 16, 2025
8.7 HIGH· v4
8.8 HIGH· v3
N/A· v2
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockOpcSettings' method. This could allow an...Show more
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockOpcSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32853
1Siemens
1Telecontrol Server Basic
Aug 19, 2025
Apr 16, 2025
8.7 HIGH· v4
8.8 HIGH· v3
N/A· v2
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockDatabaseSettings' method. This could a...Show more
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockDatabaseSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less
CVE-2025-32852
1Siemens
1Telecontrol Server Basic
Aug 19, 2025
Apr 16, 2025
8.7 HIGH· v4
8.8 HIGH· v3
N/A· v2
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockDatabaseSettings' method. This could all...Show more
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockDatabaseSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.Show less