PatchSiren cyber security CVE debrief
CVE-2025-32862 Siemens CVE debrief
CVE-2025-32862 affects Siemens TeleControl Server Basic and was published on 2025-04-16, with a later advisory revision on 2025-05-06 for typo fixes only. The issue is an authenticated SQL injection in the internally used LockTraceLevelSettings method. According to the advisory, a successful attack can bypass authorization controls, read and write the application's database, and execute code as NT AUTHORITY\NetworkService, provided the attacker can reach port 8000 on a vulnerable system.
- Vendor
- Siemens
- Product
- TeleControl Server Basic
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-04-16
- Original CVE updated
- 2025-05-06
- Advisory published
- 2025-04-16
- Advisory updated
- 2025-05-06
Who should care
Operators, administrators, and defenders responsible for Siemens TeleControl Server Basic deployments, especially where port 8000 is reachable from untrusted or broadly trusted networks.
Technical summary
The CISA-CSAF advisory describes a SQL injection weakness in an internal method, LockTraceLevelSettings, in Siemens TeleControl Server Basic. The impact is high: an authenticated remote attacker with access to port 8000 can bypass authorization controls, manipulate the database, and achieve code execution under NT AUTHORITY\NetworkService. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, consistent with a network-reachable, low-complexity, privilege-requiring flaw.
Defensive priority
High. This is a remotely reachable authenticated SQL injection with potential code execution and full confidentiality/integrity/availability impact, so affected deployments should be prioritized for patching and exposure reduction.
Recommended defensive actions
- Update Siemens TeleControl Server Basic to V3.1.2.2 or later.
- Restrict access to port 8000 on affected systems to trusted IP addresses only.
- Verify whether any deployment exposes port 8000 beyond the minimum required management or operational networks.
- Review authentication and access control boundaries around TeleControl Server Basic instances until patched.
- Use the Siemens and CISA advisories to confirm product applicability before and after remediation.
Evidence notes
Source data ties the issue to Siemens TeleControl Server Basic and states that the advisory was first published on 2025-04-16, then revised on 2025-05-06 with typo-only changes. The supplied advisory text explicitly names the vulnerable method (LockTraceLevelSettings), the attack precondition (authenticated remote attacker with access to port 8000), the impact (authorization bypass, database read/write, and code execution as NT AUTHORITY\NetworkService), and the remediation version (V3.1.2.2 or later). No KEV entry is present in the supplied corpus.
Official resources
-
CVE-2025-32862 CVE record
CVE.org
-
CVE-2025-32862 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed by CISA on 2025-04-16 and revised on 2025-05-06 for typo fixes only.