Details of VAR-202601-0370

ID

VAR-202601-0370

CVE

CVE-2025-40942

TITLE

Siemens' telecontrol server basic Unnecessary Privileged Execution Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2026-001922

DESCRIPTION

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.4). Affected application contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2025-40942 // JVNDB: JVNDB-2026-001922

AFFECTED PRODUCTS

vendor:	siemens	model:	telecontrol server basic	scope:	lt	version:	3.1.2.4	Trust: 1.0
vendor:	シーメンス	model:	telecontrol server basic	scope:	eq	version:	-	Trust: 0.8
vendor:	シーメンス	model:	telecontrol server basic	scope:	eq	version:	3.1.2.4	Trust: 0.8
vendor:	シーメンス	model:	telecontrol server basic	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-001922 // NVD: CVE-2025-40942

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2025-40942
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2025-40942
value:	HIGH
Trust: 1.0
NVD:	CVE-2025-40942
value:	HIGH
Trust: 0.8

productcert@siemens.com:	CVE-2025-40942
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.0
impactScore:	6.0
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2025-40942
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2025-40942
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-001922 // NVD: CVE-2025-40942 // NVD: CVE-2025-40942

PROBLEMTYPE DATA

problemtype:	CWE-250	Trust: 1.0
problemtype:	Execution with unnecessary privileges (CWE-250) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-001922 // NVD: CVE-2025-40942

PATCH

title:

SSA-192617

url:

https://cert-portal.siemens.com/productcert/html/ssa-192617.html

Trust: 0.8

sources: JVNDB: JVNDB-2026-001922

EXTERNAL IDS

db:	NVD	id:	CVE-2025-40942	Trust: 2.6
db:	SIEMENS	id:	SSA-192617	Trust: 1.0
db:	JVNDB	id:	JVNDB-2026-001922	Trust: 0.8

sources: JVNDB: JVNDB-2026-001922 // NVD: CVE-2025-40942

REFERENCES

url:	https://cert-portal.siemens.com/productcert/html/ssa-192617.html	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-40942	Trust: 0.8

sources: JVNDB: JVNDB-2026-001922 // NVD: CVE-2025-40942

SOURCES

db:	JVNDB	id:	JVNDB-2026-001922
db:	NVD	id:	CVE-2025-40942

LAST UPDATE DATE

2026-01-29T23:57:17.119000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-001922	date:	2026-01-27T08:35:00
db:	NVD	id:	CVE-2025-40942	date:	2026-01-22T20:58:54.670

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-001922	date:	2026-01-27T00:00:00
db:	NVD	id:	CVE-2025-40942	date:	2026-01-13T10:15:58.283