CVE-2025-31350 Siemens CVE debrief

Who should care

Organizations running Siemens TeleControl Server Basic, especially OT/ICS environments exposing port 8000 to non-trusted networks, should treat this as a priority patching and exposure-reduction item. Security teams responsible for network segmentation, access control, and system hardening around industrial applications should also review it.

Technical summary

The advisory describes a SQL injection condition in the internally used UpdateBufferingSettings method. The issue affects Siemens TeleControl Server Basic and requires attacker access to port 8000 on a system running a vulnerable version. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, consistent with significant confidentiality, integrity, and availability impact once the prerequisite access is met. The vendor remediation is to update to V3.1.2.2 or later; Siemens also recommends restricting access to port 8000 to trusted IP addresses only.

Defensive priority

High

Recommended defensive actions

• Update Siemens TeleControl Server Basic to V3.1.2.2 or later.
• Restrict access to port 8000 on affected systems to trusted IP addresses only.
• Review network exposure and apply ICS defense-in-depth guidance to reduce reachability of the service.

Evidence notes

This debrief is based on the CISA CSAF advisory ICSA-25-112-01 and the Siemens product security advisory referenced in the source corpus. The source text states that the affected application is vulnerable to SQL injection through UpdateBufferingSettings, that exploitation requires authenticated access and reachability of port 8000, and that the fixed version is V3.1.2.2 or later. The advisory was published on 2025-04-16 and revised on 2025-05-06 for typo corrections only.

Official resources