VYPR

Telecontrol Server Basic

by Siemens Foundation

CVEs (77)

  • CVE-2025-31349HigApr 16, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateSmtpSettings' method. This could allow an authenticated remote attacker to bypass authorization…

  • CVE-2025-31343HigApr 16, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateTcmSettings' method. This could allow an authenticated remote attacker to bypass authorization…

  • CVE-2025-30032HigApr 16, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateDatabaseSettings' method. This could allow an authenticated remote attacker to bypass…

  • CVE-2025-30031HigApr 16, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateUsers' method. This could allow an authenticated remote attacker to bypass authorization…

  • CVE-2025-30030HigApr 16, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ImportDatabase' method. This could allow an authenticated remote attacker to bypass authorization…

  • CVE-2025-30003HigApr 16, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectConnections' method. This could allow an authenticated remote attacker to bypass…

  • CVE-2025-30002HigApr 16, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateConnectionVariables' method. This could allow an authenticated remote attacker to bypass…

  • CVE-2025-29905HigApr 16, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'RestoreFromBackup' method. This could allow an authenticated remote attacker to bypass authorization…

  • CVE-2018-4836HigJan 25, 2018
    risk 0.57cvss 8.8epss 0.02

    A vulnerability has been identified in TeleControl Server Basic < V3.1. An authenticated attacker with a low-privileged account to the TeleControl Server Basic's port 8000/tcp could escalate his privileges and perform administrative operations.

  • CVE-2022-43513HigJan 10, 2023
    risk 0.53cvss 8.2epss 0.01

    A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions < V3.1.2). The affected components allow to rename license files with user chosen input…

  • CVE-2022-43514HigJan 10, 2023
    risk 0.50cvss 7.7epss 0.02

    A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions < V3.1.2). The affected component does not correctly validate the root path on folder…

  • CVE-2019-6575HigApr 17, 2019
    risk 0.49cvss 7.5epss 0.02

    A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC…

  • CVE-2018-4837HigJan 25, 2018
    risk 0.49cvss 7.5epss 0.03

    A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with access to the TeleControl Server Basic's webserver (port 80/tcp or 443/tcp) could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server…

  • CVE-2018-4835MedJan 25, 2018
    risk 0.35cvss 5.3epss 0.02

    A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with network access to the TeleControl Server Basic's port 8000/tcp could bypass the authentication mechanism and read limited information.

  • CVE-2025-29931LowApr 17, 2025
    risk 0.24cvss 3.7epss 0.00

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected product does not properly validate a length field in a serialized message which it uses to determine the amount of memory to be allocated for deserialization. This could allow…

  • CVE-2025-40942Jan 13, 2026
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.4). Affected application contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges.

  • CVE-2025-40765Oct 14, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in TeleControl Server Basic V3.1 (All versions >= V3.1.2.2 < V3.1.2.3). The affected application contains an information disclosure vulnerability. This could allow an unauthenticated remote attacker to obtain password hashes of users and to…

Page 4 of 4