VARIoT IoT vulnerabilities database
| VAR-202504-1081 | CVE-2025-30030 | Siemens' telecontrol server basic In SQL Injection vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ImportDatabase' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. (ZDI-CAN-25924). Siemens' telecontrol server basic for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the implementation of the ImportDatabase method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker could leverage this vulnerability to disclose stored credentials, leading to further compromise. Siemens TeleControl Server Basic is an industrial remote controller of Siemens, Germany.
Siemens TeleControl Server Basic versions prior to v3.1.2.2 have multiple SQL injection vulnerabilities that can be exploited by attackers to read and write the application's database, causing a denial of service and executing code in the operating system shell with limited "NT AUTHORITYNetworkService" permissions
| VAR-202504-1121 | CVE-2025-32857 | Siemens' telecontrol server basic In SQL Injection vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockBufferingSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. Siemens' telecontrol server basic for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens TeleControl Server Basic is an industrial remote controller of Siemens, Germany.
Siemens TeleControl Server Basic versions prior to v3.1.2.2 have multiple SQL injection vulnerabilities that can be exploited by attackers to read and write the application's database, causing a denial of service and executing code in the operating system shell with limited "NT AUTHORITYNetworkService" permissions
| VAR-202504-1084 | CVE-2025-32829 | Siemens' telecontrol server basic In SQL Injection vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockProjectCrossCommunications' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. Siemens' telecontrol server basic for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TeleControl Server Basic allows remote monitoring and control of devices over WAN/LAN.
Siemens TeleControl Server Basic versions prior to v3.1.2.2 have multiple SQL injection vulnerabilities that can be exploited by attackers to read and write the application's database, causing a denial of service and executing code in the operating system shell with limited "NT AUTHORITYNetworkService" permissions
| VAR-202504-1118 | CVE-2025-32830 | Siemens' telecontrol server basic In SQL Injection vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. Siemens' telecontrol server basic for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TeleControl Server Basic allows remote monitoring and control of devices over WAN/LAN.
Siemens TeleControl Server Basic versions prior to v3.1.2.2 have multiple SQL injection vulnerabilities that can be exploited by attackers to read and write the application's database, causing a denial of service and executing code in the operating system shell with limited "NT AUTHORITYNetworkService" permissions
| VAR-202504-1125 | CVE-2025-32828 | Siemens' telecontrol server basic In SQL Injection vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectCrossCommunications' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. Siemens' telecontrol server basic for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TeleControl Server Basic allows remote monitoring and control of devices over WAN/LAN.
Siemens TeleControl Server Basic versions prior to v3.1.2.2 have multiple SQL injection vulnerabilities that can be exploited by attackers to read and write the application's database, causing a denial of service and executing code in the operating system shell with limited "NT AUTHORITYNetworkService" permissions
| VAR-202504-1128 | CVE-2025-31349 | Siemens' telecontrol server basic In SQL Injection vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateSmtpSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. (ZDI-CAN-25919). Siemens' telecontrol server basic for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the implementation of the UpdateSmtpSettings method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker could leverage this vulnerability to disclose stored credentials, leading to further compromise. Siemens TeleControl Server Basic is an industrial remote controller of Siemens, Germany.
Siemens TeleControl Server Basic versions prior to v3.1.2.2 have multiple SQL injection vulnerabilities that can be exploited by attackers to read and write the application's database, causing a denial of service and executing code in the operating system shell with limited "NT AUTHORITYNetworkService" permissions
| VAR-202504-1110 | CVE-2025-27540 | Siemens' telecontrol server basic In SQL Injection vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: Critical |
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'Authenticate' method. This could allow an unauthenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. (ZDI-CAN-25913). Siemens' telecontrol server basic for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens TeleControl Server Basic. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the Authenticate method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE.
Siemens TeleControl Server Basic versions prior to v3.1.2.2 have multiple SQL injection vulnerabilities that can be exploited by attackers to read and write the application's database, causing a denial of service and executing code in the operating system shell with limited "NT AUTHORITYNetworkService" permissions
| VAR-202504-1106 | CVE-2025-29905 | Siemens' telecontrol server basic In SQL Injection vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'RestoreFromBackup' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. (ZDI-CAN-25923). Siemens' telecontrol server basic for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens TeleControl Server Basic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the implementation of the RestoreFromBackup method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Siemens TeleControl Server Basic is an industrial remote controller of Siemens, Germany.
Siemens TeleControl Server Basic versions prior to v3.1.2.2 have multiple SQL injection vulnerabilities that can be exploited by attackers to read and write the application's database, causing a denial of service and executing code in the operating system shell with limited "NT AUTHORITYNetworkService" permissions
| VAR-202504-1127 | CVE-2025-31343 | Siemens' telecontrol server basic In SQL Injection vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateTcmSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. (ZDI-CAN-25920). Siemens' telecontrol server basic for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the implementation of the UpdateTcmSettings method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker could leverage this vulnerability to disclose stored credentials, leading to further compromise. Siemens TeleControl Server Basic is an industrial remote controller of Siemens, Germany.
Siemens TeleControl Server Basic versions prior to v3.1.2.2 have multiple SQL injection vulnerabilities that can be exploited by attackers to read and write the application's database, causing a denial of service and executing code in the operating system shell with limited "NT AUTHORITYNetworkService" permissions
| VAR-202504-1130 | CVE-2025-32855 | Siemens' telecontrol server basic In SQL Injection vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockOpcSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. Siemens' telecontrol server basic for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens TeleControl Server Basic is an industrial remote controller of Siemens, Germany.
Siemens TeleControl Server Basic versions prior to v3.1.2.2 have multiple SQL injection vulnerabilities that can be exploited by attackers to read and write the application's database, causing a denial of service and executing code in the operating system shell with limited "NT AUTHORITYNetworkService" permissions
| VAR-202504-1083 | CVE-2025-32475 | Siemens' telecontrol server basic In SQL Injection vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. (ZDI-CAN-25912). Siemens' telecontrol server basic for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the implementation of the UpdateProject method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker could leverage this vulnerability to disclose stored credentials, leading to further compromise.
Siemens TeleControl Server Basic versions prior to v3.1.2.2 have multiple SQL injection vulnerabilities that can be exploited by attackers to read and write the application's database, causing a denial of service and executing code in the operating system shell with limited "NT AUTHORITYNetworkService" permissions
| VAR-202504-2407 | CVE-2025-25458 | Shenzhen Tenda Technology Co.,Ltd. of AC10 Classic buffer overflow vulnerability in firmware |
CVSS V2: 4.6 CVSS V3: 4.6 Severity: MEDIUM |
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serverName2. Shenzhen Tenda Technology Co.,Ltd. of AC10 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the serverName2 parameter in AdvSetMacMtuWan failing to properly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service
| VAR-202504-1576 | CVE-2025-25453 | Shenzhen Tenda Technology Co.,Ltd. of AC10 Classic buffer overflow vulnerability in firmware |
CVSS V2: 4.6 CVSS V3: 4.6 Severity: MEDIUM |
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serviceName2. Shenzhen Tenda Technology Co.,Ltd. of AC10 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC10 is a high-performance router with Gigabit ports for both WAN and LAN ports.
There is a buffer overflow vulnerability in Tenda AC10 AdvSetMacMtuWan, which can be exploited by attackers to submit special requests and cause a denial of service attack
| VAR-202504-0969 | CVE-2025-31950 | Growatt Cloud Applications Information Disclosure Vulnerability (CNVD-2025-14965) |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: Medium |
An unauthenticated attacker can obtain EV charger energy consumption information of other users. Growatt Cloud Applications is a monitoring platform of China's Growatt
| VAR-202504-0963 | CVE-2025-31147 | Growatt New Energy of Cloud portal Vulnerability in user-controlled key authentication evasion in |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: Medium |
Unauthenticated attackers can query information about total energy consumed by EV chargers of arbitrary users. Growatt New Energy of Cloud portal Exists in a user-controlled key authentication evasion vulnerability.Information may be obtained. Growatt Cloud Applications is a monitoring platform of China's Growatt
| VAR-202504-0985 | CVE-2025-30512 | Growatt New Energy of Cloud portal Vulnerability related to external control of system configuration or settings in |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: Medium |
Unauthenticated attackers can send configuration settings to device and possible perform physical actions remotely (e.g., on/off). Growatt New Energy of Cloud portal contains a vulnerability related to external control of system configuration or settings.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Growatt Cloud Applications is a monitoring platform of China's Growatt
| VAR-202504-0976 | CVE-2025-27719 | Growatt New Energy of Cloud portal Vulnerability in user-controlled key authentication evasion in |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: Medium |
Unauthenticated attackers can query an API endpoint and get device details. Growatt New Energy of Cloud portal Exists in a user-controlled key authentication evasion vulnerability.Information may be obtained. Growatt Cloud Applications is a monitoring platform of China's Growatt
| VAR-202504-0987 | CVE-2025-24315 | Growatt Cloud Applications Security Bypass Vulnerability (CNVD-2025-14962) |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: Medium |
Unauthenticated attackers can add devices of other users to their scenes (or arbitrary scenes of other arbitrary users). Growatt Cloud Applications is a monitoring platform of China's Growatt
| VAR-202504-0986 | CVE-2025-31941 | Growatt New Energy of Cloud portal Vulnerability in user-controlled key authentication evasion in |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: Medium |
An unauthenticated attacker can obtain a list of smart devices by knowing a valid username. Growatt New Energy of Cloud portal Exists in a user-controlled key authentication evasion vulnerability.Information may be obtained. Growatt Cloud Applications is a monitoring platform of China's Growatt
| VAR-202504-0973 | CVE-2025-31357 | Growatt Cloud Applications Information Disclosure Vulnerability (CNVD-2025-14959) |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: Medium |
An unauthenticated attacker can obtain a user's plant list by knowing the username. Growatt Cloud Applications is a monitoring platform of China's Growatt