Publication Date:
Last Update:
Current Version: V1.0
CVSS v3.1 Base Score: 9.8
CVSS v4.0 Base Score: 9.3
Un-/Collapse All
Affected Product and Versions Remediation

All versions < V3.1.2.2
affected by all CVEs
CVE-2025-27495
CVE-2025-27539
CVE-2025-27540
CVE-2025-29905
CVE-2025-30002
CVE-2025-30003
CVE-2025-30030
CVE-2025-30031
CVE-2025-30032
CVE-2025-31343
CVE-2025-31349
CVE-2025-31350
CVE-2025-31351
CVE-2025-31352
CVE-2025-31353
CVE-2025-32475
CVE-2025-32822
CVE-2025-32823
CVE-2025-32824
CVE-2025-32825
CVE-2025-32826
CVE-2025-32827
CVE-2025-32828
CVE-2025-32829
CVE-2025-32830
CVE-2025-32831
CVE-2025-32832
CVE-2025-32833
CVE-2025-32834
CVE-2025-32835
CVE-2025-32836
CVE-2025-32837
CVE-2025-32838
CVE-2025-32839
CVE-2025-32840
CVE-2025-32841
CVE-2025-32842
CVE-2025-32843
CVE-2025-32844
CVE-2025-32845
CVE-2025-32846
CVE-2025-32847
CVE-2025-32848
CVE-2025-32849
CVE-2025-32850
CVE-2025-32851
CVE-2025-32852
CVE-2025-32853
CVE-2025-32854
CVE-2025-32855
CVE-2025-32856
CVE-2025-32857
CVE-2025-32858
CVE-2025-32859
CVE-2025-32860
CVE-2025-32861
CVE-2025-32862
CVE-2025-32863
CVE-2025-32864
CVE-2025-32865
CVE-2025-32866
CVE-2025-32867
CVE-2025-32868
CVE-2025-32869
CVE-2025-32870
CVE-2025-32871
CVE-2025-32872
Update to V3.1.2.2 or later version
  • Restrict access to port 8000 on the affected systems to trusted IP addresses only

Product-specific remediations or mitigations can be found in the section Affected Products and Solution.
Please follow the General Security Recommendations.

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Un-/Collapse All

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 9.3
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 9.3
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 9.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 9.3
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

  • Trend Micro Zero Day Initiative for coordinated disclosure of CVE-2025-32475, CVE-2025-31353, CVE-2025-31352, CVE-2025-31351, CVE-2025-31350, CVE-2025-31349, CVE-2025-31343, CVE-2025-30032, CVE-2025-30031, CVE-2025-30030, CVE-2025-30003, CVE-2025-30002, CVE-2025-29905, CVE-2025-27540, CVE-2025-27539, CVE-2025-27495

Siemens has conducted a root-cause analysis for potential SQL injection vulnerabilities and has identified the locations in the code base where the underlying legacy design pattern has been used in. TeleControl Server Basic V3.1.2.2 has fixed all occurrences in the affected product.

https://www.siemens.com/cert/advisories
V1.0 (2025-04-16): Publication Date