CVE-2025-40765
BaseFortify
Publication date: 2025-10-14
Last updated on: 2025-10-21
Assigner: Siemens AG
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| siemens | telecontrol_server_basic | 3.1.2.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Siemens TeleControl Server Basic V3.1 versions from V3.1.2.2 up to but not including V3.1.2.3. It is an information disclosure flaw that allows an unauthenticated remote attacker to obtain password hashes of users. With these hashes, the attacker can log in and perform authenticated operations on the database service without authorization. The issue is due to missing authentication for a critical function. [1]
How can this vulnerability impact me? :
Exploiting this vulnerability can allow an attacker to remotely access password hashes and then log in to the affected system without authorization. This can lead to unauthorized access and control over the database service, potentially compromising sensitive data and operations managed by the TeleControl Server Basic. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying if your system is running Siemens TeleControl Server Basic versions >= V3.1.2.2 and < V3.1.2.3. Additionally, you can check if port 8000 is open and accessible from untrusted networks, as this port is used by the affected service. Network scanning tools like nmap can be used to detect open port 8000. For example, you can run: nmap -p 8000 <target-ip>. Also, monitoring for unauthorized access attempts or unusual authentication activity on the database service may help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to port 8000 on affected systems to trusted IP addresses only. It is strongly recommended to update TeleControl Server Basic to version V3.1.2.3 or later, which addresses this vulnerability. Additionally, follow Siemens' general security guidelines, protect network access with appropriate mechanisms, and configure the operational environment according to Siemens' Industrial Security operational guidelines. [1]