Note: This project will be discontinued after December 13, 2021.
Product: Telecontrol_server_basic (Siemens)

Repositories | Unknown: This might be proprietary software.
#Vulnerabilities | 75

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2025-04-16 | CVE-2025-32866 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetLogs' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a... | Telecontrol_server_basic | 8.8 | ||
2025-04-16 | CVE-2025-32867 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateBackup' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a... | Telecontrol_server_basic | 8.8 | ||
2025-04-16 | CVE-2025-32868 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ExportCertificate' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where... | Telecontrol_server_basic | 8.8 | ||
2025-04-16 | CVE-2025-32869 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ImportCertificate' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where... | Telecontrol_server_basic | 8.8 | ||
2025-04-16 | CVE-2025-32870 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetTraces' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a... | Telecontrol_server_basic | 8.8 | ||
2025-04-16 | CVE-2025-32871 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'MigrateDatabase' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a... | Telecontrol_server_basic | 8.8 | ||
2025-04-16 | CVE-2025-32872 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetOverview' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a... | Telecontrol_server_basic | 8.8 | ||
2025-04-17 | CVE-2025-29931 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected product does not properly validate a length field in a serialized message which it uses to determine the amount of memory to be allocated for deserialization. This could allow an unauthenticated remote attacker to cause the application to allocate exhaustive amounts of memory and subsequently create a partial denial of service condition. Successful exploitation is only possible in... | Telecontrol_server_basic | N/A | ||
2021-08-27 | CVE-2021-40142 | In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer. | Local_discover_server, Simatic_net_pc, Simatic_process_historian_opc_ua_server_firmware, Simatic_wincc, Simatic_wincc_runtime, Simatic_wincc_unified_scada_runtime, Telecontrol_server_basic | 7.5 | ||
2022-03-21 | CVE-2021-45117 | The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference. | Ua-Nodeset, Simatic_net_pc, Sitop_manager, Telecontrol_server_basic | 6.5 | ||