CVE-2025-27540 | A vulnerability has been identified in TeleControl Server Ba… | CVSS 9.8 CRITICAL

Description

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'Authenticate' method. This could allow an unauthenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. (ZDI-CAN-25913)

Metadata

CVE ID: CVE-2025-27540
State: PUBLISHED
Assigner: siemens
Reserved: 2025-02-28 15:19 UTC
Published: 2025-04-16 17:37 UTC
Last updated: 2025-04-17 14:21 UTC
Primary CWE: CWE-89
CWE-89: Improper Neutralization of Special Elements used in …
Vendor / Product: Siemens / TeleControl Server Basic
Sources: cve.org · NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
Siemens	TeleControl Server Basic	—	0 < V3.1.2.2

Weakness (CWE)

CWE	Source	Description
CWE-89	cna	CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS scores (2)

Score	Severity	Version	Source	Vector
9.8	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3	CRITICAL	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

References (1)

https://cert-portal.siemens.com/productcert/html/ssa-443402.html