CVE-2025-32850

Siemens TeleControl Server Basic is affected by a SQL injection in the internal LockTcmSettings method prior to version 3.1.2.2. The vulnerability can allow an authenticated remote attacker to bypass authorization, read/write the application database, and execute code with NT AUTHORITY\NetworkSer...

CVE-2025-32850

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockTcmSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and...

CVE-2025-32849

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockSmtpSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from...

CVE-2025-32849

TeleControl Server Basic (All versions

CVE-2025-32849

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockSmtpSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from...

CVE-2025-32848

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockSmtpSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from an...

CVE-2025-32848

CVE-2025-32848 affects Siemens TeleControl Server Basic (versions before 3.1.2.2). The vulnerability is an SQL injection in the internally used LockSmtpSettings method, allowing an authenticated remote attacker to bypass authorization, read/write the application DB, and execute code with NT AUTHO...

CVE-2025-32848

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockSmtpSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from an...

CVE-2025-32847

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockGeneralSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read fr...

CVE-2025-32847

TeleControl Server Basic (versions prior to 3.1.2.2) is affected by an SQL injection in the UnlockGeneralSettings path, allowing an authenticated remote actor to bypass authorization, read/write the app’s DB, and execute code with NT AUTHORITY\NetworkService privileges. The vulnerability requires...

CVE-2025-32847

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockGeneralSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read fr...

CVE-2025-32846

The CVE-2025-32846 issue affects TeleControl Server Basic (versions prior to 3.1.2.2). It enables SQL injection via the internal LockGeneralSettings method, potentially allowing an authenticated remote attacker to bypass authorization, read/write the database, and execute code with NT AUTHORITY\N...

CVE-2025-32846

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockGeneralSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from...

CVE-2025-32846

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockGeneralSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from...

CVE-2025-32845

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateGeneralSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read fr...

CVE-2025-32845

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateGeneralSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read fr...

CVE-2025-32845

CVE-2025-32845 concerns Siemens TeleControl Server Basic. The vulnerability is an SQL injection in the internal UpdateGeneralSettings method of all versions earlier than 3.1.2.2. An authenticated remote attacker who can reach port 8000 could bypass authorization, read/write the application’s data...

CVE-2025-32844

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockUser' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and writ...

CVE-2025-32844

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockUser' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and writ...

CVE-2025-32844

CVE-2025-32844 affects Siemens TeleControl Server Basic (versions before 3.1.2.2). The vulnerability is an SQL injection in the UnlockUser method that can let an authenticated remote attacker bypass authorization, read/write the database, and execute code with NT AUTHORITY\NetworkService privileg...