PatchSiren cyber security CVE debrief

CVE-2025-31349 Siemens CVE debrief

CVE-2025-31349 is a high-severity SQL injection issue in Siemens TeleControl Server Basic. According to the advisory, an authenticated remote attacker who can reach port 8000 on a vulnerable system may bypass authorization controls, read and modify the application database, and potentially execute code as NT AUTHORITY\NetworkService.

Vendor: Siemens
Product: TeleControl Server Basic
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-04-16
Original CVE updated: 2025-05-06
Advisory published: 2025-04-16
Advisory updated: 2025-05-06

Who should care

Siemens TeleControl Server Basic administrators, OT/ICS operators, network defenders, and vulnerability management teams responsible for systems that expose port 8000 or otherwise accept remote access to the affected service.

Technical summary

The affected internally used UpdateSmtpSettings method is vulnerable to SQL injection. The published CVSS 3.1 vector is AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, reflecting a network-reachable attack that requires low privileges but no user interaction. CISA and Siemens state that successful exploitation can impact database confidentiality, integrity, and availability, and may lead to code execution under the NetworkService account.

Defensive priority

High. The issue is remotely reachable, requires only authenticated access, and can result in full database compromise and code execution if port 8000 is exposed to an attacker.

Recommended defensive actions

  • Update Siemens TeleControl Server Basic to V3.1.2.2 or later.
  • Restrict access to port 8000 on affected systems to trusted IP addresses only.
  • Verify whether any vulnerable instances are reachable from untrusted networks and remove unnecessary exposure.
  • Review authentication, service, and database logs for suspicious requests or unauthorized changes.
  • If immediate patching is not possible, place the affected service behind strict network controls and limit administrative access.
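
One way to carry out the port 8000 restriction and exposure check on the Windows host itself, as an added example that is not taken from the Siemens or CISA advisories. It assumes Windows Firewall is the host firewall and uses the built-in NetTCPIP and NetSecurity cmdlets; the `$TrustedAddresses` values and the `Test-PortCovered` helper are hypothetical.

```powershell
# Added example: audit and scope inbound access to TCP 8000 on the server.
$Port = 8000
$TrustedAddresses = @('192.0.2.10', '198.51.100.0/24')   # constructed placeholders, replace with your own

# 1. Confirm the service is listening on the port and which process owns it.
Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess,
        @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess).ProcessName } }

# Helper (hypothetical): does a rule's LocalPort value ('Any', '8000', '7000-9000') cover $Port?
function Test-PortCovered([string[]]$LocalPort, [int]$Port) {
    foreach ($p in $LocalPort) {
        if ($p -eq 'Any' -or $p -eq "$Port") { return $true }
        if ($p -match '^(\d+)-(\d+)$' -and $Port -ge [int]$Matches[1] -and
            $Port -le [int]$Matches[2]) { return $true }
    }
    return $false
}

# 2. List enabled inbound allow rules that admit TCP $Port, with their remote scope.
#    Program-scoped rules show LocalPort 'Any'; review those by hand.
$exposing = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $af = $_ | Get-NetFirewallAddressFilter
        if ($pf.Protocol -in 'TCP', 'Any' -and (Test-PortCovered $pf.LocalPort $Port)) {
            [pscustomobject]@{
                Name          = $_.Name
                DisplayName   = $_.DisplayName
                LocalPort     = $pf.LocalPort -join ','
                RemoteAddress = $af.RemoteAddress -join ','
            }
        }
    }
$exposing | Format-Table -AutoSize

# 3. Scope the rules that name the port explicitly to the trusted list.
#    -WhatIf only previews the change; remove it after reviewing the output of step 2.
$exposing | Where-Object LocalPort -ne 'Any' | ForEach-Object {
    Set-NetFirewallRule -Name $_.Name -RemoteAddress $TrustedAddresses -WhatIf
}
```

A rule whose RemoteAddress is `Any` in the step 2 output is the exposure to remove. Adding a new, narrower allow rule does not help while a broader allow rule for the same port stays enabled.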

Evidence notes

The primary evidence comes from CISA advisory ICSA-25-112-01 and Siemens advisory SSA-443402. Both describe SQL injection in the internally used UpdateSmtpSettings method, note the need for access to port 8000, and list remediation to update to V3.1.2.2 or later and restrict port 8000 to trusted IPs. The supplied record also includes the CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Official resources

Publicly disclosed on 2025-04-16 by CISA/Siemens; the supplied advisory metadata shows a 2025-05-06 revision that fixed typos.