PatchSiren cyber security CVE debrief
CVE-2025-40765 Siemens CVE debrief
CVE-2025-40765 is a critical information disclosure vulnerability in Siemens TeleControl Server Basic V3.1. According to the CISA CSAF advisory and the Siemens product security advisory, an unauthenticated remote attacker could obtain user password hashes and then use them to log in and perform authenticated operations of the database service. Because the issue is network-reachable, requires no user interaction, and is assigned CVSS 3.1 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), it should be treated as an urgent remediation item for affected deployments.
- Vendor: Siemens
- Product: TeleControl Server Basic V3.1
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-10-14
- Original CVE updated: 2025-10-14
- Advisory published: 2025-10-14
- Advisory updated: 2025-10-14
Who should care
OT and ICS operators running Siemens TeleControl Server Basic V3.1, system owners responsible for the database service, and security teams that manage exposed industrial services or remote access to port 8000.
Technical summary
The advisory describes an information disclosure condition in Siemens TeleControl Server Basic V3.1 that can be abused by an unauthenticated remote attacker. The stated impact is disclosure of password hashes, followed by the possibility of logging in and carrying out authenticated operations against the database service. The provided CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, which is consistent with a critical, remotely reachable issue that needs no privileges or user interaction and affects confidentiality, integrity, and availability.
Defensive priority
Immediate. This is a critical, unauthenticated, network-accessible issue with vendor-provided remediation available.
Recommended defensive actions
- Update affected systems to Siemens TeleControl Server Basic V3.1.2.3 or later.
- Restrict access to port 8000 on affected systems to trusted IP addresses only, as directed in the advisory.
- Review exposure of any affected database-service interfaces and limit network reachability to the minimum necessary.
- If the product is internet-facing or reachable from broader OT/IT networks, prioritize emergency change management and validate the update path before rollout.
- Monitor for unexpected authentication events or database-service activity until remediation is complete.
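One way to verify the port 8000 restriction and watch for unexpected access until the update is deployed, as an added example that is not part of the Siemens or CISA advisory: the script audits flow records and flags any connection to port 8000 on an affected server whose source is outside a trusted allowlist. The CSV record layout, the allowlist networks, and the server address are constructed assumptions to be replaced with site values.

```python
import csv
import io
import ipaddress

SERVICE_PORT = 8000  # port named in the advisory's mitigation

# Assumption: site-specific networks permitted to reach port 8000.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.30.0/28", "192.0.2.15/32")]

# Constructed sample flow records: timestamp,src_ip,dst_ip,dst_port,action
SAMPLE_FLOWS = """\
2025-10-15T08:00:01Z,10.20.30.4,10.20.40.10,8000,allow
2025-10-15T08:00:07Z,10.20.30.200,10.20.40.10,8000,allow
2025-10-15T08:01:12Z,198.51.100.23,10.20.40.10,8000,deny
2025-10-15T08:02:40Z,198.51.100.23,10.20.40.10,443,allow
2025-10-15T08:03:05Z,not-an-ip,10.20.40.10,8000,allow
2025-10-15T08:04:18Z,192.0.2.15,10.20.40.10,8000,allow
"""

def is_trusted(addr):
    """True if the parsed address falls inside any allowlisted network."""
    return any(addr in net for net in TRUSTED_NETS)

def audit_flows(text, servers):
    """Return (timestamp, src, dst, severity) for each flow to port 8000
    on an affected server that comes from a source outside the allowlist."""
    findings = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5:
            continue  # skip malformed or blank records
        ts, src, dst, port, action = (field.strip() for field in row)
        if dst not in servers or port != str(SERVICE_PORT):
            continue
        try:
            trusted = is_trusted(ipaddress.ip_address(src))
        except ValueError:
            trusted = False  # unparseable source: fail closed and report it
        if trusted:
            continue
        # An allowed flow means the restriction is missing or too broad;
        # a denied flow shows the filter working but is still worth reviewing.
        severity = "EXPOSED" if action.lower() == "allow" else "blocked-probe"
        findings.append((ts, src, dst, severity))
    return findings

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS, {"10.20.40.10"}):
        print(*finding)
```

Any `EXPOSED` finding means the filter in front of port 8000 admits a source that is not on the trusted list and should be tightened.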
Evidence notes
The supplied CISA CSAF source item for ICSA-25-289-09 states: "The affected application contains an information disclosure vulnerability. This could allow an unauthenticated remote attacker to obtain password hashes of users and to login to and perform authenticated operations of the database service." The same source lists Siemens TeleControl Server Basic V3.1 as the affected product and recommends restricting access to port 8000 to trusted IP addresses only, plus updating to V3.1.2.3 or later. The source references the Siemens advisory (ssa-062309) and the CISA advisory page for corroboration.
Official resources
- CVE-2025-40765 CVE record (CVE.org)
- CVE-2025-40765 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed on 2025-10-14 via the CISA ICS advisory ICSA-25-289-09 and the associated Siemens product security advisory. No Known Exploited Vulnerabilities (KEV) listing was provided in the supplied data.