PatchSiren cyber security CVE debrief
CVE-2025-30032 Siemens CVE debrief
CVE-2025-30032 is a high-severity SQL injection issue in Siemens TeleControl Server Basic. According to the CISA/Siemens advisory, an authenticated remote attacker who can reach port 8000 on a vulnerable system may abuse the internally used UpdateDatabaseSettings method to bypass authorization controls, read and write the application's database, and potentially execute code as NT AUTHORITY\NetworkService. Siemens and CISA list an update to version V3.1.2.2 or later, along with restricting access to port 8000 to trusted IP addresses, as the primary remediation path.
- Vendor
- Siemens
- Product
- TeleControl Server Basic
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-04-16
- Original CVE updated
- 2025-05-06
- Advisory published
- 2025-04-16
- Advisory updated
- 2025-05-06
Who should care
OT/ICS administrators, Siemens TeleControl Server Basic operators, and defenders responsible for systems exposing port 8000 should prioritize this advisory. Security teams should also review any remote access paths that could let authenticated users reach the affected service.
Technical summary
The advisory describes a SQL injection vulnerability in the internally used UpdateDatabaseSettings method of Siemens TeleControl Server Basic. Exploitation requires authenticated remote access and network reachability to port 8000. Successful abuse may let an attacker bypass authorization controls, manipulate the application's database, and execute code with NT AUTHORITY\NetworkService permissions. The advisory names TeleControl Server Basic as the affected product and recommends updating to V3.1.2.2 or later, with access restrictions on port 8000 as a mitigation.
Defensive priority
High. The issue is network-reachable, permits authenticated exploitation, and can lead to database compromise and code execution. Priority should be highest where port 8000 is exposed beyond trusted networks or where the product supports sensitive OT operations.
Recommended defensive actions
- Update Siemens TeleControl Server Basic to V3.1.2.2 or later.
- Restrict access to port 8000 on affected systems to trusted IP addresses only.
- Inventory deployments of TeleControl Server Basic and confirm which hosts are reachable on port 8000.
- Review authentication and network segmentation controls around the affected service.
- Monitor for unexpected database changes or service behavior on affected systems.
- Use the official Siemens and CISA advisories to validate remediation status and affected versions.
Evidence notes
All core facts in this debrief are drawn from the supplied CISA CSAF advisory record for ICSA-25-112-01 and its referenced Siemens advisory materials. The advisory states the issue is an SQL injection in UpdateDatabaseSettings, requires authenticated remote access and port 8000 reachability, can bypass authorization controls, can read/write the application's database, and can execute code as NT AUTHORITY\NetworkService. The remediation details supplied in the corpus are update to V3.1.2.2 or later and restricting port 8000 to trusted IP addresses. Publication date used here is 2025-04-16, with a revision on 2025-05-06 for typo fixes.
Official resources
-
CVE-2025-30032 CVE record
CVE.org
-
CVE-2025-30032 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed on 2025-04-16 by CISA/Siemens through the ICSA-25-112-01 advisory; the advisory was revised on 2025-05-06 for typo fixes.