PatchSiren cyber security CVE debrief
CVE-2025-32834 Siemens CVE debrief
CVE-2025-32834 is a high-severity SQL injection issue in Siemens TeleControl Server Basic, exposed through the internally used UpdateConnectionVariablesWithImport method. According to the public advisory, an authenticated remote attacker who can reach port 8000 on a vulnerable system may bypass authorization controls, read and write the application's database, and execute code as NT AUTHORITY\NetworkService. Siemens and CISA published remediation guidance recommending access restriction to port 8000 and an update to V3.1.2.2 or later.
- Vendor: Siemens
- Product: TeleControl Server Basic
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-04-16
- Original CVE updated: 2025-05-06
- Advisory published: 2025-04-16
- Advisory updated: 2025-05-06
Who should care
Organizations running Siemens TeleControl Server Basic, especially OT/ICS operators, Windows system owners, and network/security teams responsible for exposure of port 8000 and authentication controls.
Technical summary
The advisory describes a SQL injection weakness in the internally used UpdateConnectionVariablesWithImport method of Siemens TeleControl Server Basic. The attack requires authenticated remote access and the ability to reach port 8000 on the affected host. Successful exploitation can bypass authorization controls, enable database read and write access, and lead to code execution with NT AUTHORITY\NetworkService permissions. The supplied remediation guidance is to restrict access to port 8000 to trusted IPs and update to V3.1.2.2 or later.
Defensive priority
High
Recommended defensive actions
- Update Siemens TeleControl Server Basic to V3.1.2.2 or later.
- Restrict access to port 8000 on affected systems to trusted IP addresses only.
- Verify that only required authenticated users can reach the service.
- Review logs and configuration for unexpected database changes or unauthorized access attempts.
- Apply standard ICS defense-in-depth guidance for exposed management and service ports.
Evidence notes
This debrief is based only on the supplied CISA CSAF advisory ICSA-25-112-01 and the referenced Siemens security advisory. The CVE was published on 2025-04-16 and the public record was revised on 2025-05-06 for typos only, per the provided timeline. The advisory explicitly states the affected product, attack prerequisites, impacts, and remediation version.
Official resources
- CVE-2025-32834 CVE record (CVE.org)
- CVE-2025-32834 NVD detail (NVD)
- Source item URL (cisa_csaf)
Public advisory published on 2025-04-16 and revised on 2025-05-06 for typos only, based on the supplied timeline and advisory metadata.