All news with #telecontrol server basic tag

Siemens TeleControl Server Basic: Remote Auth Bypass

🔒 Siemens TeleControl Server Basic V3.1 contains a critical missing-authentication vulnerability (CVE-2025-40765) that allows unauthenticated remote attackers to obtain user password hashes and perform authenticated database operations. The issue carries a CVSS v3.1 score of 9.8 and a CVSS v4 score of 9.3, with network attack vector and low attack complexity. Siemens advises updating to V3.1.2.3 or later and restricting access to port 8000; CISA emphasizes isolating control networks and minimizing internet exposure. Tenable reported the issue and, to date, CISA has not received reports of public exploitation.