Siemens TeleControl Server Basic CreateProject SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens TeleControl Server Basic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

CVE-2025-31351

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'CreateProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and...

Siemens TeleControl Server Basic SQL注入漏洞

Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that originates from a SQL injection in the internal method CreateProject, which can be exploited by an attacker to bypass...

DoS: Attacker May Front-Run CoreFactory.createProject() Or CoreFactory.addCollection() With A collection.id Causing Future Transactions With The Same collection.id to Revert

Lines of code Vulnerability details Impact A collection.id may only be used once in CoreFactory.createCollection since the the contract is deployed using the create2 opcode with a repeated salt and contract bytecode will fail to deploy a contract. Furthermore, the modifier onlyAvailableCollection...