PatchSiren


CVE-2025-29905 Siemens CVE debrief

CVE-2025-29905 is a high-severity SQL injection vulnerability affecting Siemens TeleControl Server Basic. According to the CISA/Siemens advisory corpus, an authenticated remote attacker who can reach port 8000 on a vulnerable system may bypass authorization controls, read and modify the application's database, and execute code with NT AUTHORITY\NetworkService permissions. The advisory was published on 2025-04-16 and later revised on 2025-05-06 for typo fixes only.

Vendor: Siemens
Product: TeleControl Server Basic
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-04-16
Original CVE updated: 2025-05-06
Advisory published: 2025-04-16
Advisory updated: 2025-05-06

Who should care

Siemens TeleControl Server Basic operators, OT/ICS defenders, asset owners exposing port 8000, and vulnerability management teams responsible for Windows-based industrial server deployments.

Technical summary

The advisory describes SQL injection in the internally used RestoreFromBackup method. The stated attack prerequisites are authenticated access and network reachability to port 8000 on a system running a vulnerable version of TeleControl Server Basic. Impact includes authorization bypass, database read/write access, and code execution under NT AUTHORITY\NetworkService. The provided CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, which describes a network-reachable attack with low complexity, low privileges required, no user interaction, and high impact on confidentiality, integrity, and availability.

Defensive priority

High

Recommended defensive actions

  • Update Siemens TeleControl Server Basic to V3.1.2.2 or later, as listed in the vendor remediation guidance.
  • Restrict access to port 8000 on affected systems to trusted IP addresses only.
  • Review authentication boundaries and network segmentation around TeleControl Server Basic, especially any paths that allow remote access into the service.
  • Use the Siemens and CISA advisories to confirm affected versions and remediation timing for your environment.
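
The first two actions can be checked across an asset inventory with a short triage script. This is an added example, not code from Siemens, CISA, or the original page; the inventory layout, host names, version values other than V3.1.2.2, and IP ranges are constructed assumptions.

```python
import ipaddress
import re

FIXED_VERSION = (3, 1, 2, 2)  # V3.1.2.2, the fixed release named in the remediation guidance
SERVICE_PORT = 8000           # port the advisory says an attacker must be able to reach

def parse_version(text):
    """Turn 'V3.1.2.2' or '3.1' into a 4-part tuple, padding missing parts with zeros."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+){0,3})", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def untrusted_sources(allowed, trusted):
    """Return allowed source ranges that are not fully inside a trusted network."""
    trusted_nets = [ipaddress.ip_network(t) for t in trusted]
    leftover = []
    for src in allowed:
        net = ipaddress.ip_network(src)
        if not any(net.version == t.version and net.subnet_of(t) for t in trusted_nets):
            leftover.append(src)
    return leftover

def triage(host, trusted):
    """List the remediation findings for one inventory record."""
    findings = []
    if parse_version(host["version"]) < FIXED_VERSION:
        findings.append("update to V3.1.2.2 or later")
    exposed = untrusted_sources(host["port_allow"].get(SERVICE_PORT, []), trusted)
    if exposed:
        findings.append(f"port {SERVICE_PORT} reachable from untrusted: {', '.join(exposed)}")
    return findings

# Constructed sample data: trusted engineering subnet and three hypothetical servers.
# "port_allow" maps a port to the source ranges the host firewall admits (assumed layout).
TRUSTED = ["10.20.0.0/24"]
INVENTORY = [
    {"name": "tcsb-01", "version": "V3.1.2.1", "port_allow": {8000: ["0.0.0.0/0"]}},
    {"name": "tcsb-02", "version": "V3.1.2.2", "port_allow": {8000: ["10.20.0.0/28"]}},
    {"name": "tcsb-03", "version": "V3.1.2.2",
     "port_allow": {8000: ["10.20.0.0/24", "192.168.5.0/24"]}},
]

if __name__ == "__main__":
    for host in INVENTORY:
        print(host["name"], triage(host, TRUSTED) or "no findings")
```

A patched host that still admits port 8000 from outside the trusted range is reported as well, since the page lists the access restriction as a separate action from the update.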

Evidence notes

Primary evidence comes from the CISA CSAF advisory ICSA-25-112-01 and the Siemens product security advisory referenced in the source corpus. The corpus identifies Siemens TeleControl Server Basic as the affected product and states that the issue is an SQL injection in the internal RestoreFromBackup method. The advisory text explicitly notes authenticated remote attack conditions, required access to port 8000, and potential execution as NT AUTHORITY\NetworkService. Published date: 2025-04-16; modified date: 2025-05-06, with the revision history indicating typo fixes only. No Known Exploited Vulnerabilities (KEV) entry is included in the supplied data.

Official resources

Publicly disclosed through coordinated vendor and CISA advisory channels on 2025-04-16, with a later advisory revision on 2025-05-06 for typo fixes only.