Vendor CVEs
Siemens Foundation
All CVEs
2,020 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-32842 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetUsers' method. This could allow an authenticated remote attacker to bypass authorization controls,… | |||
| CVE-2025-32841 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockGateway' method. This could allow an authenticated remote attacker to bypass authorization… | |||
| CVE-2025-32840 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockGateway' method. This could allow an authenticated remote attacker to bypass authorization… | |||
| CVE-2025-32839 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetGateways' method. This could allow an authenticated remote attacker to bypass authorization… | |||
| CVE-2025-32838 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ImportConnectionVariables' method. This could allow an authenticated remote attacker to bypass… | |||
| CVE-2025-32837 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetActiveConnectionVariables' method. This could allow an authenticated remote attacker to bypass… | |||
| CVE-2025-32836 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetConnectionVariables' method. This could allow an authenticated remote attacker to bypass… | |||
| CVE-2025-32835 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateConnectionVariableArchivingBuffering' method. This could allow an authenticated remote attacker… | |||
| CVE-2025-32834 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateConnectionVariablesWithImport' method. This could allow an authenticated remote attacker to… | |||
| CVE-2025-32833 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockProjectUserRights' method. This could allow an authenticated remote attacker to bypass… | |||
| CVE-2025-32832 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockProjectUserRights' method. This could allow an authenticated remote attacker to bypass… | |||
| CVE-2025-32831 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectUserRights' method. This could allow an authenticated remote attacker to bypass… | |||
| CVE-2025-32830 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockProject' method. This could allow an authenticated remote attacker to bypass authorization… | |||
| CVE-2025-32829 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockProjectCrossCommunications' method. This could allow an authenticated remote attacker to bypass… | |||
| CVE-2025-32828 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectCrossCommunications' method. This could allow an authenticated remote attacker to bypass… | |||
| CVE-2025-32827 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ActivateProject' method. This could allow an authenticated remote attacker to bypass authorization… | |||
| CVE-2025-32826 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetActiveProjects' method. This could allow an authenticated remote attacker to bypass authorization… | |||
| CVE-2025-32825 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetProjects' method. This could allow an authenticated remote attacker to bypass authorization… | |||
| CVE-2025-32824 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockProject' method. This could allow an authenticated remote attacker to bypass authorization… | |||
| CVE-2025-32823 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockProject' method. This could allow an authenticated remote attacker to bypass authorization… | |||
| CVE-2025-32822 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'DeleteProject' method. This could allow an authenticated remote attacker to bypass authorization… | |||
| CVE-2025-32475 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateProject' method. This could allow an authenticated remote attacker to bypass authorization… | |||
| CVE-2025-31353 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateOpcSettings' method. This could allow an authenticated remote attacker to bypass authorization… | |||
| CVE-2025-31352 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateGateways' method. This could allow an authenticated remote attacker to bypass authorization… | |||
| CVE-2025-31351 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateProject' method. This could allow an authenticated remote attacker to bypass authorization… | |||
| CVE-2025-31350 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateBufferingSettings' method. This could allow an authenticated remote attacker to bypass… | |||
| CVE-2025-31349 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateSmtpSettings' method. This could allow an authenticated remote attacker to bypass authorization… | |||
| CVE-2025-31343 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateTcmSettings' method. This could allow an authenticated remote attacker to bypass authorization… | |||
| CVE-2025-30032 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateDatabaseSettings' method. This could allow an authenticated remote attacker to bypass… | |||
| CVE-2025-30031 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateUsers' method. This could allow an authenticated remote attacker to bypass authorization… | |||
| CVE-2025-30030 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ImportDatabase' method. This could allow an authenticated remote attacker to bypass authorization… | |||
| CVE-2025-30003 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectConnections' method. This could allow an authenticated remote attacker to bypass… | |||
| CVE-2025-30002 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateConnectionVariables' method. This could allow an authenticated remote attacker to bypass… | |||
| CVE-2025-29905 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'RestoreFromBackup' method. This could allow an authenticated remote attacker to bypass authorization… | |||
| CVE-2025-27540 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'Authenticate' method. This could allow an unauthenticated remote attacker to bypass authorization… | |||
| CVE-2025-27539 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'VerifyUser' method. This could allow an unauthenticated remote attacker to bypass authorization… | |||
| CVE-2025-27495 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateTrace' method. This could allow an unauthenticated remote attacker to bypass authorization… | |||
| CVE-2024-41796 | 0.00 | — | 0.00 | Apr 8, 2025 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices allows to change the login password without knowing the current password. In combination with a prepared CSRF attack (CVE-2024-41795) an unauthenticated… | |||
| CVE-2024-41795 | 0.00 | — | 0.00 | Apr 8, 2025 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices is vulnerable to Cross-Site Request Forgery (CSRF) attacks. This could allow an unauthenticated attacker to change arbitrary device settings by tricking… | |||
| CVE-2024-41794 | 0.00 | — | 0.01 | Apr 8, 2025 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the device operating system with root privileges. This could allow unauthenticated remote attackers to gain full access to… | |||
| CVE-2024-41793 | 0.00 | — | 0.01 | Apr 8, 2025 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices provides an endpoint that allows to enable the ssh service without authentication. This could allow an unauthenticated remote attacker to enable remote… | |||
| CVE-2024-41792 | 0.00 | — | 0.01 | Apr 8, 2025 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices contains a path traversal vulnerability. This could allow an unauthenticated attacker it to access arbitrary files on the device with root privileges. | |||
| CVE-2024-41791 | 0.00 | — | 0.00 | Apr 8, 2025 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not authenticate report creation requests. This could allow an unauthenticated remote attacker to read or clear the log files on the device, reset… | |||
| CVE-2024-41790 | 0.00 | — | 0.01 | Apr 8, 2025 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the region parameter in specific POST requests. This could allow an authenticated remote attacker to execute arbitrary code with root… | |||
| CVE-2024-41789 | 0.00 | — | 0.01 | Apr 8, 2025 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the language parameter in specific POST requests. This could allow an authenticated remote attacker to execute arbitrary code with root… | |||
| CVE-2024-41788 | 0.00 | — | 0.01 | Apr 8, 2025 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the input parameters in specific GET requests. This could allow an authenticated remote attacker to execute arbitrary code with root… | |||
| CVE-2025-25175 | 0.00 | — | 0.00 | Mar 13, 2025 | A vulnerability has been identified in Simcenter Femap V2401 (All versions < V2401.0003), Simcenter Femap V2406 (All versions < V2406.0002). The affected application contains a memory corruption vulnerability while parsing specially crafted .NEU files. This could allow an… | |||
| CVE-2025-27494 | 0.00 | — | 0.00 | Mar 11, 2025 | A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an authenticated remote… | |||
| CVE-2025-27493 | 0.00 | — | 0.00 | Mar 11, 2025 | A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize user input for specific commands on the telnet command line interface. This could allow an… | |||
| CVE-2025-27438 | 0.00 | — | 0.00 | Mar 11, 2025 | A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002),… |
- CVE-2025-32842Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetUsers' method. This could allow an authenticated remote attacker to bypass authorization controls,…
- CVE-2025-32841Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockGateway' method. This could allow an authenticated remote attacker to bypass authorization…
- CVE-2025-32840Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockGateway' method. This could allow an authenticated remote attacker to bypass authorization…
- CVE-2025-32839Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetGateways' method. This could allow an authenticated remote attacker to bypass authorization…
- CVE-2025-32838Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ImportConnectionVariables' method. This could allow an authenticated remote attacker to bypass…
- CVE-2025-32837Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetActiveConnectionVariables' method. This could allow an authenticated remote attacker to bypass…
- CVE-2025-32836Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetConnectionVariables' method. This could allow an authenticated remote attacker to bypass…
- CVE-2025-32835Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateConnectionVariableArchivingBuffering' method. This could allow an authenticated remote attacker…
- CVE-2025-32834Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateConnectionVariablesWithImport' method. This could allow an authenticated remote attacker to…
- CVE-2025-32833Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockProjectUserRights' method. This could allow an authenticated remote attacker to bypass…
- CVE-2025-32832Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockProjectUserRights' method. This could allow an authenticated remote attacker to bypass…
- CVE-2025-32831Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectUserRights' method. This could allow an authenticated remote attacker to bypass…
- CVE-2025-32830Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockProject' method. This could allow an authenticated remote attacker to bypass authorization…
- CVE-2025-32829Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockProjectCrossCommunications' method. This could allow an authenticated remote attacker to bypass…
- CVE-2025-32828Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectCrossCommunications' method. This could allow an authenticated remote attacker to bypass…
- CVE-2025-32827Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ActivateProject' method. This could allow an authenticated remote attacker to bypass authorization…
- CVE-2025-32826Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetActiveProjects' method. This could allow an authenticated remote attacker to bypass authorization…
- CVE-2025-32825Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetProjects' method. This could allow an authenticated remote attacker to bypass authorization…
- CVE-2025-32824Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockProject' method. This could allow an authenticated remote attacker to bypass authorization…
- CVE-2025-32823Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockProject' method. This could allow an authenticated remote attacker to bypass authorization…
- CVE-2025-32822Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'DeleteProject' method. This could allow an authenticated remote attacker to bypass authorization…
- CVE-2025-32475Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateProject' method. This could allow an authenticated remote attacker to bypass authorization…
- CVE-2025-31353Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateOpcSettings' method. This could allow an authenticated remote attacker to bypass authorization…
- CVE-2025-31352Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateGateways' method. This could allow an authenticated remote attacker to bypass authorization…
- CVE-2025-31351Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateProject' method. This could allow an authenticated remote attacker to bypass authorization…
- CVE-2025-31350Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateBufferingSettings' method. This could allow an authenticated remote attacker to bypass…
- CVE-2025-31349Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateSmtpSettings' method. This could allow an authenticated remote attacker to bypass authorization…
- CVE-2025-31343Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateTcmSettings' method. This could allow an authenticated remote attacker to bypass authorization…
- CVE-2025-30032Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateDatabaseSettings' method. This could allow an authenticated remote attacker to bypass…
- CVE-2025-30031Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateUsers' method. This could allow an authenticated remote attacker to bypass authorization…
- CVE-2025-30030Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ImportDatabase' method. This could allow an authenticated remote attacker to bypass authorization…
- CVE-2025-30003Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectConnections' method. This could allow an authenticated remote attacker to bypass…
- CVE-2025-30002Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateConnectionVariables' method. This could allow an authenticated remote attacker to bypass…
- CVE-2025-29905Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'RestoreFromBackup' method. This could allow an authenticated remote attacker to bypass authorization…
- CVE-2025-27540Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'Authenticate' method. This could allow an unauthenticated remote attacker to bypass authorization…
- CVE-2025-27539Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'VerifyUser' method. This could allow an unauthenticated remote attacker to bypass authorization…
- CVE-2025-27495Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateTrace' method. This could allow an unauthenticated remote attacker to bypass authorization…
- CVE-2024-41796Apr 8, 2025risk 0.00cvss —epss 0.00
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices allows to change the login password without knowing the current password. In combination with a prepared CSRF attack (CVE-2024-41795) an unauthenticated…
- CVE-2024-41795Apr 8, 2025risk 0.00cvss —epss 0.00
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices is vulnerable to Cross-Site Request Forgery (CSRF) attacks. This could allow an unauthenticated attacker to change arbitrary device settings by tricking…
- CVE-2024-41794Apr 8, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the device operating system with root privileges. This could allow unauthenticated remote attackers to gain full access to…
- CVE-2024-41793Apr 8, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices provides an endpoint that allows to enable the ssh service without authentication. This could allow an unauthenticated remote attacker to enable remote…
- CVE-2024-41792Apr 8, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices contains a path traversal vulnerability. This could allow an unauthenticated attacker it to access arbitrary files on the device with root privileges.
- CVE-2024-41791Apr 8, 2025risk 0.00cvss —epss 0.00
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not authenticate report creation requests. This could allow an unauthenticated remote attacker to read or clear the log files on the device, reset…
- CVE-2024-41790Apr 8, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the region parameter in specific POST requests. This could allow an authenticated remote attacker to execute arbitrary code with root…
- CVE-2024-41789Apr 8, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the language parameter in specific POST requests. This could allow an authenticated remote attacker to execute arbitrary code with root…
- CVE-2024-41788Apr 8, 2025risk 0.00cvss —epss 0.01
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the input parameters in specific GET requests. This could allow an authenticated remote attacker to execute arbitrary code with root…
- CVE-2025-25175Mar 13, 2025risk 0.00cvss —epss 0.00
A vulnerability has been identified in Simcenter Femap V2401 (All versions < V2401.0003), Simcenter Femap V2406 (All versions < V2406.0002). The affected application contains a memory corruption vulnerability while parsing specially crafted .NEU files. This could allow an…
- CVE-2025-27494Mar 11, 2025risk 0.00cvss —epss 0.00
A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an authenticated remote…
- CVE-2025-27493Mar 11, 2025risk 0.00cvss —epss 0.00
A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize user input for specific commands on the telnet command line interface. This could allow an…
- CVE-2025-27438Mar 11, 2025risk 0.00cvss —epss 0.00
A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002),…
Page 12 of 41