PatchSiren cyber security CVE debrief
CVE-2025-32839 Siemens CVE debrief
CVE-2025-32839 is a high-severity SQL injection issue in Siemens TeleControl Server Basic. An authenticated remote attacker who can reach port 8000 on a vulnerable system may bypass authorization controls, read and write the application's database, and execute code as NT AUTHORITY\NetworkService.
- Vendor: Siemens
- Product: TeleControl Server Basic
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-04-16
- Original CVE updated: 2025-05-06
- Advisory published: 2025-04-16
- Advisory updated: 2025-05-06
Who should care
Organizations running Siemens TeleControl Server Basic, especially OT/ICS teams that expose or route traffic to port 8000, should treat this as a high-priority remediation item.
Technical summary
According to the CISA CSAF advisory, the vulnerable behavior is in the internally used GetGateways method. The issue is described as SQL injection with CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Successful exploitation requires authenticated access and reachability of port 8000 on the affected host. Impact includes authorization bypass, database read/write access, and code execution under NT AUTHORITY\NetworkService.
Defensive priority
High
Recommended defensive actions
- Update Siemens TeleControl Server Basic to V3.1.2.2 or later.
- Restrict access to port 8000 on affected systems to trusted IP addresses only.
- Review exposed services and network paths to confirm port 8000 is not reachable from untrusted networks.
- Validate the affected deployment against Siemens and CISA guidance before returning the system to production.
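The version and port 8000 actions above can be checked against an asset inventory. The following Python is an added example, not code from Siemens, CISA or this page's source; the inventory layout, host names, sample versions and address ranges are constructed assumptions, and only the fixed version V3.1.2.2 and port 8000 come from the advisory text above.

```python
import ipaddress
import socket

FIXED_VERSION = (3, 1, 2, 2)  # "V3.1.2.2 or later" from the recommended actions
SERVICE_PORT = 8000           # port named in the advisory

def parse_version(text):
    """Turn 'V3.1.2.2' or '3.1' into a tuple of ints, zero-padded to 4 fields."""
    parts = [int(p) for p in text.strip().lstrip("vV").split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def needs_update(installed):
    # Numeric comparison: '3.1.10.0' is newer than '3.1.2.2', unlike a string compare.
    return parse_version(installed) < FIXED_VERSION

def untrusted_sources(allowed_cidrs, trusted_cidrs):
    """Return source ranges allowed to reach port 8000 that are not inside a trusted range."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    flagged = []
    for cidr in allowed_cidrs:
        net = ipaddress.ip_network(cidr)
        if not any(net.version == t.version and net.subnet_of(t) for t in trusted):
            flagged.append(cidr)
    return flagged

def port_reachable(host, port=SERVICE_PORT, timeout=2.0):
    """TCP connect test; run it from the network segment you want to rule out."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def triage(inventory, trusted_cidrs):
    """Return (host, [issues]) for every inventory entry that still needs work."""
    findings = []
    for item in inventory:
        issues = []
        if needs_update(item["version"]):
            issues.append("update to V3.1.2.2 or later")
        bad = untrusted_sources(item["allowed_sources"], trusted_cidrs)
        if bad:
            issues.append("port 8000 open to: " + ", ".join(bad))
        if issues:
            findings.append((item["host"], issues))
    return findings

# Constructed sample data (hypothetical hosts, versions and ranges).
SAMPLE_TRUSTED = ["10.20.0.0/24"]
SAMPLE_INVENTORY = [
    {"host": "tcsb-01", "version": "V3.1.2.1", "allowed_sources": ["10.20.0.0/24"]},
    {"host": "tcsb-02", "version": "V3.1.10.0", "allowed_sources": ["10.20.0.0/24", "0.0.0.0/0"]},
    {"host": "tcsb-03", "version": "V3.1.2.2", "allowed_sources": ["10.20.0.16/28"]},
]
```

Calling triage(SAMPLE_INVENTORY, SAMPLE_TRUSTED) flags tcsb-01 for the update and tcsb-02 for the open source range; port_reachable can then confirm the result from an untrusted segment after the firewall change.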
Evidence notes
This debrief is based on the CISA CSAF advisory ICSA-25-112-01 and Siemens product security references provided in the source corpus. The advisory was published on 2025-04-16 and revised on 2025-05-06 for typo fixes. The affected product is Siemens TeleControl Server Basic. The source corpus states that exploitation requires an authenticated remote attacker with access to port 8000.
Official resources
- CVE-2025-32839 CVE record (CVE.org)
- CVE-2025-32839 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed on 2025-04-16 in CISA advisory ICSA-25-112-01; revised on 2025-05-06 for typo fixes.