Siemens

Telecontrol Server Basic

75 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2025-30031

  • EPSS 0.11%
  • Veröffentlicht 16.04.2025 17:37:33
  • Zuletzt bearbeitet 19.08.2025 14:53:40

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateUsers' method. This could allow an authenticated remote attacker to ...

8.8

CVE-2025-30030

  • EPSS 0.11%
  • Veröffentlicht 16.04.2025 17:37:31
  • Zuletzt bearbeitet 19.08.2025 14:53:49

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ImportDatabase' method. This could allow an authenticated remote attacker ...

8.8

CVE-2025-30003

  • EPSS 0.11%
  • Veröffentlicht 16.04.2025 17:37:30
  • Zuletzt bearbeitet 19.08.2025 14:53:58

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectConnections' method. This could allow an authenticated remote...

8.8

CVE-2025-30002

  • EPSS 0.11%
  • Veröffentlicht 16.04.2025 17:37:28
  • Zuletzt bearbeitet 19.08.2025 14:54:04

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateConnectionVariables' method. This could allow an authenticated remot...

8.8

CVE-2025-29905

  • EPSS 0.11%
  • Veröffentlicht 16.04.2025 17:37:27
  • Zuletzt bearbeitet 19.08.2025 14:48:46

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'RestoreFromBackup' method. This could allow an authenticated remote attack...

9.8

CVE-2025-27540

  • EPSS 0.11%
  • Veröffentlicht 16.04.2025 17:37:25
  • Zuletzt bearbeitet 19.08.2025 14:49:00

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'Authenticate' method. This could allow an unauthenticated remote attacker ...

9.8

CVE-2025-27539

  • EPSS 0.11%
  • Veröffentlicht 16.04.2025 17:37:24
  • Zuletzt bearbeitet 19.08.2025 14:49:14

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'VerifyUser' method. This could allow an unauthenticated remote attacker to...

9.8

CVE-2025-27495

  • EPSS 0.11%
  • Veröffentlicht 16.04.2025 17:37:22
  • Zuletzt bearbeitet 19.08.2025 14:49:42

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateTrace' method. This could allow an unauthenticated remote attacker t...

10

CVE-2024-44102

  • EPSS 3.56%
  • Veröffentlicht 12.11.2024 13:15:08
  • Zuletzt bearbeitet 13.11.2024 23:05:23

A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000 V3.1 (6NH9910-0AA31-0AD1) (All versions < V3.1.2.1...

6.5

CVE-2021-45117

Exploit
  • EPSS 0.46%
  • Veröffentlicht 21.03.2022 15:15:07
  • Zuletzt bearbeitet 21.11.2024 06:31:59

The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference.