PatchSiren


CVE-2025-32831 Siemens CVE debrief

CVE-2025-32831 is a high-severity SQL injection issue in Siemens TeleControl Server Basic. According to the CISA CSAF advisory and Siemens security notice, the flaw is in the internally used UpdateProjectUserRights method and can let an authenticated remote attacker bypass authorization controls, read from and write to the application's database, and execute code as NT AUTHORITY\NetworkService. The advisory says the attack requires access to port 8000 on a system running a vulnerable version, and Siemens provides a fixed version: V3.1.2.2 or later.

Vendor: Siemens
Product: TeleControl Server Basic
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-04-16
Original CVE updated: 2025-05-06
Advisory published: 2025-04-16
Advisory updated: 2025-05-06

Who should care

Industrial control system administrators, Siemens TeleControl Server Basic operators, and defenders responsible for systems that expose port 8000 or allow authenticated remote access to the application.

Technical summary

The source advisory describes an authenticated SQL injection vulnerability in TeleControl Server Basic's internally used UpdateProjectUserRights method. The impact includes authorization bypass, database read/write access, and code execution with NT AUTHORITY\NetworkService privileges. The CVSS vector provided is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, and a successful attack requires network access to port 8000 on a vulnerable host.

Defensive priority

High. The issue combines remote network reachability, authenticated access, database compromise, and potential code execution. Prioritize if any affected TeleControl Server Basic instance is reachable on port 8000.

Recommended defensive actions

  • Update Siemens TeleControl Server Basic to V3.1.2.2 or later, as specified in the Siemens remediation guidance.
  • Restrict access to port 8000 on affected systems to trusted IP addresses only.
  • Validate which hosts run TeleControl Server Basic and confirm whether port 8000 is exposed beyond approved administrative networks.
  • Follow CISA ICS recommended practices and defense-in-depth guidance for segmentation, least privilege, and controlled remote access.
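
The first three actions can be checked against an asset inventory. The script below is an added example, not part of the Siemens or CISA advisories: it flags hosts below the fixed version V3.1.2.2 and hosts whose firewall allows port 8000 from outside approved administrative networks. The inventory records, host names, sample versions and the approved network are constructed assumptions.

```python
import ipaddress

FIXED_VERSION = (3, 1, 2, 2)  # from the advisory: V3.1.2.2 or later
TCSB_PORT = 8000              # port named in the advisory

# Assumption: the site's approved administrative network (constructed value).
APPROVED_ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed inventory: installed version plus the source ranges that the
# host or perimeter firewall allows to reach TCP 8000.
INVENTORY = [
    {"host": "tcsb-01", "version": "V3.1.2.1", "allowed_sources": ["0.0.0.0/0"]},
    {"host": "tcsb-02", "version": "V3.1.2.2", "allowed_sources": ["10.20.0.0/25"]},
    {"host": "tcsb-03", "version": "V3.1.2.0", "allowed_sources": ["10.20.0.16/28"]},
    {"host": "tcsb-04", "version": "V3.1.3",
     "allowed_sources": ["10.20.0.0/24", "192.168.50.0/24"]},
]

def parse_version(text):
    """'V3.1.2.2' -> (3, 1, 2, 2); shorter versions are zero-padded to 4 parts."""
    parts = [int(p) for p in text.strip().lstrip("Vv").split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def is_patched(version_text):
    return parse_version(version_text) >= FIXED_VERSION

def excess_sources(allowed_sources, approved=APPROVED_ADMIN_NETS):
    """Return allowed source ranges not fully inside an approved network."""
    excess = []
    for cidr in allowed_sources:
        net = ipaddress.ip_network(cidr, strict=False)
        if not any(net.version == a.version and net.subnet_of(a) for a in approved):
            excess.append(cidr)
    return excess

def triage(inventory):
    """Map host -> list of findings; an empty list means no action needed."""
    report = {}
    for item in inventory:
        findings = []
        if not is_patched(item["version"]):
            findings.append("update to V3.1.2.2 or later")
        extra = excess_sources(item["allowed_sources"])
        if extra:
            findings.append(f"port {TCSB_PORT} reachable from {', '.join(extra)}")
        report[item["host"]] = findings
    return report

if __name__ == "__main__":
    for host, findings in triage(INVENTORY).items():
        print(host, "->", findings or "ok")
```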

Evidence notes

CISA's CSAF advisory ICSA-25-112-01 and Siemens advisory SSA-443402 describe the same issue: SQL injection in the internally used UpdateProjectUserRights method, with potential for authorization bypass, database read/write, and code execution as NT AUTHORITY\NetworkService. The advisory lists the affected product as Siemens TeleControl Server Basic, recommends restricting port 8000 to trusted IPs, and directs users to update to V3.1.2.2 or later. Published date is 2025-04-16, and the 2025-05-06 modification is recorded as a typo-fix revision.

Official resources

Publicly disclosed in the CISA CSAF advisory on 2025-04-16; the advisory was revised on 2025-05-06 for typo fixes only.