CVE-2025-29905

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'RestoreFromBackup' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from a...

CVE-2025-32872

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'GetOverview' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and wri...

CVE-2025-32872

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'GetOverview' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and wri...

CVE-2025-32871

Siemens TeleControl Server Basic (versions before 3.1.2.2) contains SQL injection via the MigrateDatabase path. An authenticated remote attacker who can reach port 8000 can bypass authorization, read/write the application database, and execute code with NT AUTHORITY\NetworkService privileges. Evi...

CVE-2025-32871

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'MigrateDatabase' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and...

CVE-2025-32870

CVE-2025-32870 affects TeleControl Server Basic (versions before 3.1.2.2). A SQL injection via the internal GetTraces method can bypass authorization, enabling reading/writing the application database and executing code with NT AUTHORITY\NetworkService. The attack requires network access to port ...

CVE-2025-32869

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'ImportCertificate' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from a...

CVE-2025-32869

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'ImportCertificate' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from a...

CVE-2025-32866

CVE-2025-32866 affects Siemens TeleControl Server Basic (all versions

CVE-2025-32865

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'CreateLog' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write...

CVE-2025-32864

TeleControl Server Basic (versions before 3.1.2.2) is vulnerable to SQL injection in the GetSettings path, allowing an authenticated user to bypass authorization, read/write DB data, and execute code with NT AUTHORITY\NetworkService. Multiple sources corroborate injection across various internal ...

CVE-2025-32863

CVE-2025-32863 affects Siemens TeleControl Server Basic prior to v3.1.2.2. The vulnerability is an SQL injection in the UnlockTraceLevelSettings pathway that can allow an authenticated remote attacker to bypass authorization, read/write the application DB, and execute code with NT AUTHORITY\Netwo...

CVE-2025-32862

CVE-2025-32862 concerns Siemens TeleControl Server Basic. Affected: all versions

CVE-2025-32862

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockTraceLevelSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read...

CVE-2025-32860

CVE-2025-32860 affects Siemens TeleControl Server Basic before version 3.1.2.2. The vulnerability is an SQL injection via the internal UnlockWebServerGatewaySettings method, enabling an authenticated remote attacker to bypass authorization, read/write the application database, and execute code wi...

CVE-2025-32860

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockWebServerGatewaySettings' method. This could allow an authenticated remote attacker to bypass authorization controls, t...

CVE-2025-32859

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockWebServerGatewaySettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to...

CVE-2025-32859

The CVE-2025-32859 entry concerns Siemens TeleControl Server Basic prior to version V3.1.2.2, which is vulnerable to SQL injection via the internal LockWebServerGatewaySettings method. An authenticated attacker who can reach port 8000 can bypass authorization and read/write the application databa...

CVE-2025-32858

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateWebServerGatewaySettings' method. This could allow an authenticated remote attacker to bypass authorization controls, t...

CVE-2025-32857

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockBufferingSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read...