VYPR

Telecontrol Server Basic

by Siemens Foundation

CVEs (77)

  • CVE-2018-4836HigJan 25, 2018
    risk 0.57cvss 8.8epss 0.02

    A vulnerability has been identified in TeleControl Server Basic < V3.1. An authenticated attacker with a low-privileged account to the TeleControl Server Basic's port 8000/tcp could escalate his privileges and perform administrative operations.

  • CVE-2019-6575HigApr 17, 2019
    risk 0.49cvss 7.5epss 0.02

    A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC…

  • CVE-2018-4837HigJan 25, 2018
    risk 0.49cvss 7.5epss 0.03

    A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with access to the TeleControl Server Basic's webserver (port 80/tcp or 443/tcp) could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server…

  • CVE-2018-4835MedJan 25, 2018
    risk 0.35cvss 5.3epss 0.02

    A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with network access to the TeleControl Server Basic's port 8000/tcp could bypass the authentication mechanism and read limited information.

  • CVE-2024-44102Nov 12, 2024
    risk 0.01cvss epss 0.01

    A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000 V3.1 (6NH9910-0AA31-0AD1) (All versions < V3.1.2.1 with redundancy configured),…

  • CVE-2025-40942Jan 13, 2026
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.4). Affected application contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges.

  • CVE-2025-40765Oct 14, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in TeleControl Server Basic V3.1 (All versions >= V3.1.2.2 < V3.1.2.3). The affected application contains an information disclosure vulnerability. This could allow an unauthenticated remote attacker to obtain password hashes of users and to…

  • CVE-2025-29931Apr 17, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected product does not properly validate a length field in a serialized message which it uses to determine the amount of memory to be allocated for deserialization. This could allow…

  • CVE-2025-32872Apr 16, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetOverview' method. This could allow an authenticated remote attacker to bypass authorization…

  • CVE-2025-32871Apr 16, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'MigrateDatabase' method. This could allow an authenticated remote attacker to bypass authorization…

  • CVE-2025-32870Apr 16, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetTraces' method. This could allow an authenticated remote attacker to bypass authorization controls,…

  • CVE-2025-32869Apr 16, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ImportCertificate' method. This could allow an authenticated remote attacker to bypass authorization…

  • CVE-2025-32868Apr 16, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ExportCertificate' method. This could allow an authenticated remote attacker to bypass authorization…

  • CVE-2025-32867Apr 16, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateBackup' method. This could allow an authenticated remote attacker to bypass authorization…

  • CVE-2025-32866Apr 16, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetLogs' method. This could allow an authenticated remote attacker to bypass authorization controls, to…

  • CVE-2025-32865Apr 16, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateLog' method. This could allow an authenticated remote attacker to bypass authorization controls,…

  • CVE-2025-32864Apr 16, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetSettings' method. This could allow an authenticated remote attacker to bypass authorization…

  • CVE-2025-32863Apr 16, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockTraceLevelSettings' method. This could allow an authenticated remote attacker to bypass…

  • CVE-2025-32862Apr 16, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockTraceLevelSettings' method. This could allow an authenticated remote attacker to bypass…

  • CVE-2025-32861Apr 16, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateTraceLevelSettings' method. This could allow an authenticated remote attacker to bypass…

Page 1 of 4