CVE-2025-31349

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateSmtpSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from...

CVE-2025-31349

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateSmtpSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from...

CVE-2025-31351

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'CreateProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and...

CVE-2025-30003

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectConnections' method. This could allow an authenticated remote attacker to bypass authorization controls, to read...

CVE-2025-30032

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateDatabaseSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read...

CVE-2025-30032

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateDatabaseSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read...

CVE-2025-30031

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateUsers' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and wri...

CVE-2025-30002

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateConnectionVariables' method. This could allow an authenticated remote attacker to bypass authorization controls, to rea...

CVE-2025-30030

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'ImportDatabase' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and...

CVE-2025-30002

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateConnectionVariables' method. This could allow an authenticated remote attacker to bypass authorization controls, to rea...

CVE-2025-27495

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'CreateTrace' method. This could allow an unauthenticated remote attacker to bypass authorization controls, to read from and...

CVE-2025-29905

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'RestoreFromBackup' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from a...

CVE-2025-27539

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'VerifyUser' method. This could allow an unauthenticated remote attacker to bypass authorization controls, to read from and...

CVE-2025-29905

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'RestoreFromBackup' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from a...

CVE-2025-27540

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'Authenticate' method. This could allow an unauthenticated remote attacker to bypass authorization controls, to read from and...

CVE-2025-32872

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'GetOverview' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and wri...

CVE-2025-32872

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'GetOverview' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and wri...

CVE-2025-32871

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'MigrateDatabase' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and...

CVE-2025-32871

Siemens TeleControl Server Basic (versions before 3.1.2.2) contains SQL injection via the MigrateDatabase path. An authenticated remote attacker who can reach port 8000 can bypass authorization, read/write the application database, and execute code with NT AUTHORITY\NetworkService privileges. Evi...

CVE-2025-32870

CVE-2025-32870 affects TeleControl Server Basic (versions before 3.1.2.2). A SQL injection via the internal GetTraces method can bypass authorization, enabling reading/writing the application database and executing code with NT AUTHORITY\NetworkService. The attack requires network access to port ...