ICSA-25-112-01 · Published 2025-05-06 · View on CISA ICS-CERT ↗

Siemens TeleControl Server Basic SQL

CVSS 9.8 CRITICAL

CVEs (67)

CVE-2025-27495 CVE-2025-27539 CVE-2025-27540 CVE-2025-29905 CVE-2025-30002 CVE-2025-30003 CVE-2025-30030 CVE-2025-30031 CVE-2025-30032 CVE-2025-31343 CVE-2025-31349 CVE-2025-31350 CVE-2025-31351 CVE-2025-31352 CVE-2025-31353 CVE-2025-32475 CVE-2025-32822 CVE-2025-32823 CVE-2025-32824 CVE-2025-32825 CVE-2025-32826 CVE-2025-32827 CVE-2025-32828 CVE-2025-32829 CVE-2025-32830 CVE-2025-32831 CVE-2025-32832 CVE-2025-32833 CVE-2025-32834 CVE-2025-32835 CVE-2025-32836 CVE-2025-32837 CVE-2025-32838 CVE-2025-32839 CVE-2025-32840 CVE-2025-32841 CVE-2025-32842 CVE-2025-32843 CVE-2025-32844 CVE-2025-32845 CVE-2025-32846 CVE-2025-32847 CVE-2025-32848 CVE-2025-32849 CVE-2025-32850 CVE-2025-32851 CVE-2025-32852 CVE-2025-32853 CVE-2025-32854 CVE-2025-32855 CVE-2025-32856 CVE-2025-32857 CVE-2025-32858 CVE-2025-32859 CVE-2025-32860 CVE-2025-32861 CVE-2025-32862 CVE-2025-32863 CVE-2025-32864 CVE-2025-32865 CVE-2025-32866 CVE-2025-32867 CVE-2025-32868 CVE-2025-32869 CVE-2025-32870 CVE-2025-32871 CVE-2025-32872

Remediations

Restrict access to port 8000 on the affected systems to trusted IP addresses only
Update to V3.1.2.2 or later version

Affected Vendors

Siemens

Affected Products (1)

Siemens · TeleControl Server Basic <V3.1.2.2

Affected Sectors

Energy, Water and Wastewater Systems, Transportation Systems

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more