CVE-2025-32870

CVE-2025-32870 affects TeleControl Server Basic (versions before 3.1.2.2). A SQL injection via the internal GetTraces method can bypass authorization, enabling reading/writing the application database and executing code with NT AUTHORITY\NetworkService. The attack requires network access to port ...

CVE-2025-32870

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'GetTraces' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write...

CVE-2025-32870

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'GetTraces' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write...

CVE-2025-32869

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'ImportCertificate' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from a...

CVE-2025-32869

TeleControl Server Basic (versions

CVE-2025-32869

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'ImportCertificate' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from a...

CVE-2025-32868

CVE-2025-32868 affects Siemens TeleControl Server Basic prior to v3.1.2.2. An SQL injection via the internal ExportCertificate method can let an attacker read/write the database and execute code with NT AUTHORITY\NetworkService privileges, given network access to port 8000. Multiple sources confi...

CVE-2025-32868

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'ExportCertificate' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from a...

CVE-2025-32867

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'CreateBackup' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and...

CVE-2025-32867

The CVE-2025-32867 issue affects TeleControl Server Basic (versions prior to 3.1.2.2). A SQL injection vulnerability exists in the CreateBackup method that can allow an authenticated remote attacker to bypass authorization and read from/write to the database, potentially executing code with NT AU...

CVE-2025-32867

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'CreateBackup' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and...

CVE-2025-32866

CVE-2025-32866 affects Siemens TeleControl Server Basic (all versions

CVE-2025-32866

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'GetLogs' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write t...

CVE-2025-32866

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'GetLogs' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write t...

CVE-2025-32865

TeleControl Server Basic (all versions before 3.1.2.2) is affected by an SQL injection in the CreateLog method that can be exploited by an authenticated remote attacker who has access to port 8000. Successful exploitation may bypass authorization, read/write the application’s database, and execut...

CVE-2025-32865

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'CreateLog' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write...

CVE-2025-32865

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'CreateLog' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write...

CVE-2025-32864

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'GetSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and wri...

CVE-2025-32864

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'GetSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and wri...

CVE-2025-32864

TeleControl Server Basic (versions before 3.1.2.2) is vulnerable to SQL injection in the GetSettings path, allowing an authenticated user to bypass authorization, read/write DB data, and execute code with NT AUTHORITY\NetworkService. Multiple sources corroborate injection across various internal ...