PatchSiren

CVE-2025-32829 Siemens CVE debrief

CVE-2025-32829 is a high-severity SQL injection issue in Siemens TeleControl Server Basic. The advisory states that an authenticated remote attacker who can reach port 8000 on a vulnerable system may abuse the internally used LockProjectCrossCommunications method to bypass authorization controls, read and write the application database, and potentially execute code as NT AUTHORITY\NetworkService.

Vendor: Siemens
Product: TeleControl Server Basic
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-04-16
Original CVE updated: 2025-05-06
Advisory published: 2025-04-16
Advisory updated: 2025-05-06

Who should care

Operators and defenders responsible for Siemens TeleControl Server Basic deployments, especially environments where the service is reachable on port 8000 or exposed beyond trusted network boundaries.

Technical summary

According to the CISA CSAF advisory and Siemens references, the vulnerability is an SQL injection flaw in the internally used LockProjectCrossCommunications method. The stated attack prerequisites are network access to port 8000 and authenticated access. Successful exploitation may permit authorization bypass, database read/write access, and code execution with NT AUTHORITY\NetworkService permissions. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, matching the 8.8 HIGH score in the source corpus.

Defensive priority

High. Prioritize systems where TeleControl Server Basic is deployed and where port 8000 is reachable from untrusted or broadly trusted networks. Apply the vendor fix first, then reduce exposure.

Recommended defensive actions

  • Update Siemens TeleControl Server Basic to V3.1.2.2 or later, as specified in the Siemens remediation guidance.
  • Restrict access to port 8000 on affected systems to trusted IP addresses only.
  • Review network segmentation and service exposure for any TeleControl Server Basic instance that may be reachable by non-admin or non-trusted hosts.
  • Follow Siemens and CISA industrial control system defense-in-depth guidance for layered protections around OT-facing services.
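
The first two actions above can be turned into a triage pass over an asset inventory. The following is an added example, not code from Siemens, CISA or PatchSiren: it flags hosts running a version below V3.1.2.2 and hosts whose port 8000 accepts sources outside the trusted ranges, ordered by the priority this debrief gives. The inventory format, host names, field names and address ranges are assumptions constructed for illustration.

```python
import ipaddress

FIXED_VERSION = (3, 1, 2, 2)  # advisory: update to V3.1.2.2 or later

def parse_version(text):
    """'V3.1.2.1' -> (3, 1, 2, 1); short versions are zero-padded."""
    parts = [int(p) for p in text.strip().lstrip("Vv").split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def untrusted_sources(allowed, trusted):
    """Return the allowed source ranges not contained in any trusted network."""
    nets = [ipaddress.ip_network(t) for t in trusted]
    flagged = []
    for src in allowed:
        net = ipaddress.ip_network(src, strict=False)
        if not any(net.version == t.version and net.subnet_of(t) for t in nets):
            flagged.append(src)
    return flagged

def triage(inventory, trusted):
    """Rank hosts: unpatched and exposed first, then unpatched, then exposed."""
    findings = []
    for host in inventory:
        unpatched = parse_version(host["version"]) < FIXED_VERSION
        exposed = untrusted_sources(host["port_8000_sources"], trusted)
        if not unpatched and not exposed:
            continue
        actions = []
        if unpatched:  # the vendor fix comes first, per the debrief
            actions.append("update to V3.1.2.2 or later")
        if exposed:
            actions.append("restrict port 8000, currently open to " + ", ".join(exposed))
        rank = 0 if unpatched and exposed else 1 if unpatched else 2
        findings.append((rank, host["name"], actions))
    return [(name, actions) for _, name, actions in sorted(findings)]

# Constructed sample data (hypothetical hosts and ranges, not a real environment).
TRUSTED = ["10.20.0.0/16"]
INVENTORY = [
    {"name": "tcsb-04", "version": "V3.1.2.3",
     "port_8000_sources": ["10.20.0.0/24", "192.168.50.0/24"]},
    {"name": "tcsb-02", "version": "V3.1.2.2", "port_8000_sources": ["10.20.0.0/24"]},
    {"name": "tcsb-03", "version": "V3.1.1", "port_8000_sources": ["10.20.5.10/32"]},
    {"name": "tcsb-01", "version": "V3.1.2.1", "port_8000_sources": ["0.0.0.0/0"]},
]

if __name__ == "__main__":
    for name, actions in triage(INVENTORY, TRUSTED):
        print(name + ": " + "; ".join(actions))
```
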

Evidence notes

This debrief is based only on the supplied CISA CSAF source item for ICSA-25-112-01 and the Siemens advisory references listed in that source. The issue was published on 2025-04-16 and revised on 2025-05-06; the revision history provided says the later update fixed typos only. No KEV entry was supplied in the corpus.

Official resources

CVE-2025-32829 was publicly disclosed on 2025-04-16 in CISA advisory ICSA-25-112-01. The source record was modified on 2025-05-06 for typos only.