Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-40765

A vulnerability has been identified in TeleControl Server Basic V3.1 (All versions >= V3.1.2.2 < V3.1.2.3). The affected application contains an information disclosure vulnerability. This could allow an unauthenticated remote attacker to obtain password hashes of users and to login to and perform authenticated operations of the database service.

Published

2025-10-14T10:15:38.127

Last Modified

2025-10-21T14:40:15.117

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Primary
CWE-306

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	siemens	telecontrol_server_basic	3.1.2.2	Yes

References

https://cert-portal.siemens.com/productcert/html/ssa-062309.html Vendor Advisory ([email protected])