PatchSiren

CVE-2025-32846 Siemens CVE debrief

CVE-2025-32846 is a high-severity SQL injection vulnerability in Siemens TeleControl Server Basic. The advisory says the issue is in the internally used LockGeneralSettings method and can let an authenticated remote attacker bypass authorization controls, read and write the application database, and execute code as NT AUTHORITY\NetworkService. A successful attack also requires access to port 8000 on a system running a vulnerable version.

Vendor: Siemens
Product: TeleControl Server Basic
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-04-16
Original CVE updated: 2025-05-06
Advisory published: 2025-04-16
Advisory updated: 2025-05-06

Who should care

Siemens TeleControl Server Basic operators, OT/ICS administrators, vulnerability management teams, and defenders responsible for systems exposing port 8000.

Technical summary

CISA’s advisory for Siemens TeleControl Server Basic identifies a SQL injection flaw in the LockGeneralSettings method. The attack path is network-reachable but requires authentication and access to port 8000. If exploited, the attacker may bypass authorization checks, interact with the database for read/write impact, and achieve code execution under the NT AUTHORITY\NetworkService account. The supplied CVSS v3.1 vector is AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, which aligns with the reported 8.8 HIGH severity.

Defensive priority

High

Recommended defensive actions

  • Update Siemens TeleControl Server Basic to V3.1.2.2 or later.
  • Restrict access to port 8000 on affected systems to trusted IP addresses only.
  • Verify which hosts expose port 8000 and review authentication and database activity for unexpected access.
  • Follow the linked CISA ICS recommended practices and defense-in-depth guidance for segmentation and access control.

Evidence notes

The supplied CISA CSAF advisory (ICSA-25-112-01) and Siemens references identify Siemens TeleControl Server Basic as the affected product and describe the SQL injection impact. The CVE was published on 2025-04-16 and the source advisory was revised on 2025-05-06 with a note indicating typo fixes only. The supplied enrichment does not mark this CVE as CISA KEV.

Official resources

Publicly disclosed on 2025-04-16; the advisory was revised on 2025-05-06 for typo fixes only. No CISA KEV entry was supplied for this CVE.