← Back to home
SIEMENS-SSA-443402  ·  Published 2025-04-16  ·  View on Siemens ProductCERT ↗

SSA-443402 V1.0: Multiple SQL Injection Vulnerabilities in TeleControl Server Basic before V3.1.2.2

CVSS N/A MEDIUM

Risk Summary

<p>TeleControl Server Basic before V3.1.2.2 contains multiple SQL Injection vulnerabilities that could allow an attacker to read and write to the application’s DB, cause denial of service and execute code in an OS shell with limited “NT AUTHORITY” permissions.</p> <p>Siemens has conducted a root-cause analysis for potential SQL injection vulnerabilities and has identified the locations in the code base where the underlying legacy design pattern has been used in. TeleControl Server Basic V3.1.2.2 has fixed all occurrences in the affected product.</p> <p>Siemens has released a new version for TeleControl Server Basic and recommends to update to the latest version.</p>

Remediations

  • Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-443402 V1.0: Multiple SQL Injection Vulnerabilities in TeleControl Server Basic before V3.1.2.2 See advisory

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more