PatchSiren cyber security CVE debrief
CVE-2025-30003 Siemens CVE debrief
CVE-2025-30003 is a high-severity SQL injection issue in Siemens TeleControl Server Basic. According to the CISA/Siemens advisory, the flaw is reachable through the internally used UpdateProjectConnections method and can let an authenticated remote attacker bypass authorization controls, read and write the application database, and potentially execute code as NT AUTHORITY\NetworkService. The advisory notes that the attacker must be able to reach port 8000 on the affected system. Siemens lists version V3.1.2.2 or later as the fix and recommends restricting access to port 8000 to trusted IP addresses only.
- Vendor
- Siemens
- Product
- TeleControl Server Basic
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-04-16
- Original CVE updated
- 2025-05-06
- Advisory published
- 2025-04-16
- Advisory updated
- 2025-05-06
Who should care
Siemens TeleControl Server Basic operators, OT/ICS administrators, plant network defenders, and anyone responsible for systems exposing port 8000 in environments where the application is deployed.
Technical summary
The vulnerable path is an SQL injection in the internally used UpdateProjectConnections method. The attack requires authenticated access and network reachability to port 8000. Successful exploitation could bypass authorization checks, expose or modify database contents, and lead to code execution under the NetworkService account, which materially increases impact in an OT/ICS context.
Defensive priority
High. The issue is network-reachable, authenticated, and has potential for database compromise and code execution, so it should be prioritized for patching or isolation, especially where port 8000 is exposed beyond tightly controlled trust boundaries.
Recommended defensive actions
- Upgrade Siemens TeleControl Server Basic to V3.1.2.2 or later.
- Restrict access to port 8000 to trusted IP addresses only.
- Verify which hosts can reach the service and remove unnecessary network exposure.
- Review authentication controls and account usage around the affected application.
- Follow Siemens and CISA ICS hardening guidance for segmentation and defense-in-depth.
Evidence notes
This debrief is based on the CISA CSAF advisory ICSA-25-112-01 and Siemens advisory references provided in the source corpus. The advisory was published on 2025-04-16 and revised on 2025-05-06 for typo fixes. The supplied remediation guidance states to update to V3.1.2.2 or later and to restrict access to port 8000 to trusted IP addresses only.
Official resources
-
CVE-2025-30003 CVE record
CVE.org
-
CVE-2025-30003 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed by CISA and Siemens on 2025-04-16; revised 2025-05-06 for typo corrections.