9 matches found
CVE-2025-31349
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateSmtpSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from...
CVE-2025-32869
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'ImportCertificate' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from a...
CVE-2025-30003
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectConnections' method. This could allow an authenticated remote attacker to bypass authorization controls, to read...
CVE-2025-32867
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'CreateBackup' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and...
CVE-2025-32846
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockGeneralSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from...
CVE-2025-32831
The CVE-2025-32831 flaw affects Siemens TeleControl Server Basic (versions prior to 3.1.2.2), with SQL injection via the internal UpdateProjectUserRights method. Attackers authenticated to the system could read/write the application DB and execute code with NT AUTHORITY\NetworkService permissions...
CVE-2025-32825
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'GetProjects' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and wri...
CVE-2025-32825
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'GetProjects' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and wri...
CVE-2025-30032
CVE-2025-30032 affects Siemens TeleControl Server Basic (versions prior to 3.1.2.2). The vulnerability is a SQL injection in the internal UpdateDatabaseSettings method, allowing an authenticated remote attacker to bypass authorization, read/write the application database, and execute code with NT...