The vulnerability of the VerifyUser method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems of the TeleControl Server Basic allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

🗓️ 23 Apr 2025 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 4 Views

VerifyUser vulnerability in TeleControl Server Basic due to unprotected query language.

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2025-27539	22 Apr 202510:00	–	circl
CNNVD	Siemens TeleControl Server Basic SQL注入漏洞	16 Apr 202500:00	–	cnnvd
CNVD	Siemens TeleControl Server Basic SQL Injection Vulnerability (CNVD-2025-09147)	21 Apr 202500:00	–	cnvd
CVE	CVE-2025-27539	16 Apr 202517:37	–	cve
Cvelist	CVE-2025-27539	16 Apr 202517:37	–	cvelist
EUVD	EUVD-2025-11450	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Siemens TeleControl Server	17 Apr 202507:14	–	ncsc
NVD	CVE-2025-27539	16 Apr 202518:16	–	nvd
OSV	CVE-2025-27539	16 Apr 202518:16	–	osv
Positive Technologies	PT-2025-16808 · Unknown · Telecontrol Server Basic	21 Feb 202500:00	–	ptsecurity

Vulners

Node

siemens_ag telecontrol_server_basicRange<3.1.2.2

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-443402.html
zerodayinitiative	www.zerodayinitiative.com/advisories/upcoming/
web	www.web.nvd.nist.gov/view/vuln/detail

23 Apr 2025 00:00Current

7.9High risk

Vulners AI Score7.9

CVSS 39.8

CVSS 210

EPSS0.00807

VerifyUser method telemetry systems telemechanics systems TeleControl Server Basic structured query language