367 matches found
CVE-2025-32829
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockProjectCrossCommunications' method. This could allow an authenticated remote attacker to bypass authorization controls, t...
CVE-2025-32847
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockGeneralSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read fr...
CVE-2025-32831
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectUserRights' method. This could allow an authenticated remote attacker to bypass authorization controls, to read...
CVE-2025-32857
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockBufferingSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read...
CVE-2025-32851
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockTcmSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from a...
CVE-2025-32824
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and...
CVE-2025-32859
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockWebServerGatewaySettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to...
CVE-2025-32837
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'GetActiveConnectionVariables' method. This could allow an authenticated remote attacker to bypass authorization controls, to...
CVE-2025-32855
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockOpcSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from a...
CVE-2025-27540
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'Authenticate' method. This could allow an unauthenticated remote attacker to bypass authorization controls, to read from and...
CVE-2025-27495
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'CreateTrace' method. This could allow an unauthenticated remote attacker to bypass authorization controls, to read from and...
CVE-2025-31343
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateTcmSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from a...
CISA Releases Five Industrial Control Systems Advisories
CISA released five Industrial Control Systems ICS advisories on April 22, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-112-01 Siemens TeleControl Server Basic SQL ICSA-25-112-02 Siemens TeleControl Server...
Siemens TeleControl Server Basic SQL Injection Vulnerability (CNVD-2025-08361)
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that originates from a SQL injection in the internal method GetProjects, which can be exploited by an attacker to bypass...
Siemens TeleControl Server Basic SQL Injection Vulnerability (CNVD-2025-08616)
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from an SQL injection vulnerability that originates from an internal method UpdateConnectionVariableArchivingBuffering, which can be exploited by an attacker to bypa...
Siemens TeleControl Server Basic SQL Injection Vulnerability (CNVD-2025-09143)
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that originates from the internally used 'UpdateOpcSettings' method. An attacker could exploit the vulnerability to cause bypass o...
Siemens TeleControl Server Basic SQL Injection Vulnerability (CNVD-2025-08353)
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that originates from a SQL injection in the internal method UpdateDatabaseSettings, which can be exploited by an attacker to bypas...
Siemens TeleControl Server Basic SQL Injection Vulnerability (CNVD-2025-08600)
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that originates from a SQL injection in the internal method UnlockTcmSettings, which can be exploited by an attacker to bypass...
Siemens TeleControl Server Basic SQL Injection Vulnerability (CNVD-2025-09142)
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that stems from the internally used 'LockProject' method. An attacker could exploit the vulnerability to cause bypass of...
Siemens TeleControl Server Basic SQL Injection Vulnerability (CNVD-2025-08610)
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from an SQL injection vulnerability that originates from an internal method, UnlockGateway, which can be exploited by an attacker to bypass authorization controls an...