CVE-2025-30002 in TeleControl Server Basic: Information

Summary

by MITRE • 16/04/2025

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateConnectionVariables' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed. (ZDI-CAN-25909)

Responsible

Siemens

Reserved

13/03/2025

Disclosure

16/04/2025

Moderation

accepted

Entry

VDB-305270

CPE

ready

EPSS

0.00078

KEV

no

Activities

very low