VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202504-1081 CVE-2025-30030 Siemens'  telecontrol server basic  In  SQL  Injection vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ImportDatabase' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. (ZDI-CAN-25924). Siemens' telecontrol server basic for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the implementation of the ImportDatabase method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker could leverage this vulnerability to disclose stored credentials, leading to further compromise. Siemens TeleControl Server Basic is an industrial remote controller of Siemens, Germany. Siemens TeleControl Server Basic versions prior to v3.1.2.2 have multiple SQL injection vulnerabilities that can be exploited by attackers to read and write the application's database, causing a denial of service and executing code in the operating system shell with limited "NT AUTHORITYNetworkService" permissions
VAR-202504-1121 CVE-2025-32857 Siemens'  telecontrol server basic  In  SQL  Injection vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockBufferingSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. Siemens' telecontrol server basic for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens TeleControl Server Basic is an industrial remote controller of Siemens, Germany. Siemens TeleControl Server Basic versions prior to v3.1.2.2 have multiple SQL injection vulnerabilities that can be exploited by attackers to read and write the application's database, causing a denial of service and executing code in the operating system shell with limited "NT AUTHORITYNetworkService" permissions
VAR-202504-1084 CVE-2025-32829 Siemens'  telecontrol server basic  In  SQL  Injection vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockProjectCrossCommunications' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. Siemens' telecontrol server basic for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TeleControl Server Basic allows remote monitoring and control of devices over WAN/LAN. Siemens TeleControl Server Basic versions prior to v3.1.2.2 have multiple SQL injection vulnerabilities that can be exploited by attackers to read and write the application's database, causing a denial of service and executing code in the operating system shell with limited "NT AUTHORITYNetworkService" permissions
VAR-202504-1118 CVE-2025-32830 Siemens'  telecontrol server basic  In  SQL  Injection vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. Siemens' telecontrol server basic for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TeleControl Server Basic allows remote monitoring and control of devices over WAN/LAN. Siemens TeleControl Server Basic versions prior to v3.1.2.2 have multiple SQL injection vulnerabilities that can be exploited by attackers to read and write the application's database, causing a denial of service and executing code in the operating system shell with limited "NT AUTHORITYNetworkService" permissions
VAR-202504-1125 CVE-2025-32828 Siemens'  telecontrol server basic  In  SQL  Injection vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectCrossCommunications' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. Siemens' telecontrol server basic for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TeleControl Server Basic allows remote monitoring and control of devices over WAN/LAN. Siemens TeleControl Server Basic versions prior to v3.1.2.2 have multiple SQL injection vulnerabilities that can be exploited by attackers to read and write the application's database, causing a denial of service and executing code in the operating system shell with limited "NT AUTHORITYNetworkService" permissions
VAR-202504-1128 CVE-2025-31349 Siemens'  telecontrol server basic  In  SQL  Injection vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateSmtpSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. (ZDI-CAN-25919). Siemens' telecontrol server basic for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the implementation of the UpdateSmtpSettings method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker could leverage this vulnerability to disclose stored credentials, leading to further compromise. Siemens TeleControl Server Basic is an industrial remote controller of Siemens, Germany. Siemens TeleControl Server Basic versions prior to v3.1.2.2 have multiple SQL injection vulnerabilities that can be exploited by attackers to read and write the application's database, causing a denial of service and executing code in the operating system shell with limited "NT AUTHORITYNetworkService" permissions
VAR-202504-1110 CVE-2025-27540 Siemens'  telecontrol server basic  In  SQL  Injection vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: Critical
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'Authenticate' method. This could allow an unauthenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. (ZDI-CAN-25913). Siemens' telecontrol server basic for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens TeleControl Server Basic. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the Authenticate method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Siemens TeleControl Server Basic versions prior to v3.1.2.2 have multiple SQL injection vulnerabilities that can be exploited by attackers to read and write the application's database, causing a denial of service and executing code in the operating system shell with limited "NT AUTHORITYNetworkService" permissions
VAR-202504-1106 CVE-2025-29905 Siemens'  telecontrol server basic  In  SQL  Injection vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'RestoreFromBackup' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. (ZDI-CAN-25923). Siemens' telecontrol server basic for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens TeleControl Server Basic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the implementation of the RestoreFromBackup method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Siemens TeleControl Server Basic is an industrial remote controller of Siemens, Germany. Siemens TeleControl Server Basic versions prior to v3.1.2.2 have multiple SQL injection vulnerabilities that can be exploited by attackers to read and write the application's database, causing a denial of service and executing code in the operating system shell with limited "NT AUTHORITYNetworkService" permissions
VAR-202504-1127 CVE-2025-31343 Siemens'  telecontrol server basic  In  SQL  Injection vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateTcmSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. (ZDI-CAN-25920). Siemens' telecontrol server basic for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the implementation of the UpdateTcmSettings method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker could leverage this vulnerability to disclose stored credentials, leading to further compromise. Siemens TeleControl Server Basic is an industrial remote controller of Siemens, Germany. Siemens TeleControl Server Basic versions prior to v3.1.2.2 have multiple SQL injection vulnerabilities that can be exploited by attackers to read and write the application's database, causing a denial of service and executing code in the operating system shell with limited "NT AUTHORITYNetworkService" permissions
VAR-202504-1130 CVE-2025-32855 Siemens'  telecontrol server basic  In  SQL  Injection vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockOpcSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. Siemens' telecontrol server basic for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens TeleControl Server Basic is an industrial remote controller of Siemens, Germany. Siemens TeleControl Server Basic versions prior to v3.1.2.2 have multiple SQL injection vulnerabilities that can be exploited by attackers to read and write the application's database, causing a denial of service and executing code in the operating system shell with limited "NT AUTHORITYNetworkService" permissions
VAR-202504-1083 CVE-2025-32475 Siemens'  telecontrol server basic  In  SQL  Injection vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. (ZDI-CAN-25912). Siemens' telecontrol server basic for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the implementation of the UpdateProject method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker could leverage this vulnerability to disclose stored credentials, leading to further compromise. Siemens TeleControl Server Basic versions prior to v3.1.2.2 have multiple SQL injection vulnerabilities that can be exploited by attackers to read and write the application's database, causing a denial of service and executing code in the operating system shell with limited "NT AUTHORITYNetworkService" permissions
VAR-202504-2407 CVE-2025-25458 Shenzhen Tenda Technology Co.,Ltd.  of  AC10  Classic buffer overflow vulnerability in firmware CVSS V2: 4.6
CVSS V3: 4.6
Severity: MEDIUM
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serverName2. Shenzhen Tenda Technology Co.,Ltd. of AC10 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the serverName2 parameter in AdvSetMacMtuWan failing to properly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service
VAR-202504-1576 CVE-2025-25453 Shenzhen Tenda Technology Co.,Ltd.  of  AC10  Classic buffer overflow vulnerability in firmware CVSS V2: 4.6
CVSS V3: 4.6
Severity: MEDIUM
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serviceName2. Shenzhen Tenda Technology Co.,Ltd. of AC10 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC10 is a high-performance router with Gigabit ports for both WAN and LAN ports. There is a buffer overflow vulnerability in Tenda AC10 AdvSetMacMtuWan, which can be exploited by attackers to submit special requests and cause a denial of service attack
VAR-202504-0969 CVE-2025-31950 Growatt Cloud Applications Information Disclosure Vulnerability (CNVD-2025-14965) CVSS V2: 5.0
CVSS V3: 5.3
Severity: Medium
An unauthenticated attacker can obtain EV charger energy consumption information of other users. Growatt Cloud Applications is a monitoring platform of China's Growatt
VAR-202504-0963 CVE-2025-31147 Growatt New Energy  of  Cloud portal  Vulnerability in user-controlled key authentication evasion in CVSS V2: 5.0
CVSS V3: 5.3
Severity: Medium
Unauthenticated attackers can query information about total energy consumed by EV chargers of arbitrary users. Growatt New Energy of Cloud portal Exists in a user-controlled key authentication evasion vulnerability.Information may be obtained. Growatt Cloud Applications is a monitoring platform of China's Growatt
VAR-202504-0985 CVE-2025-30512 Growatt New Energy  of  Cloud portal  Vulnerability related to external control of system configuration or settings in CVSS V2: 6.4
CVSS V3: 6.5
Severity: Medium
Unauthenticated attackers can send configuration settings to device and possible perform physical actions remotely (e.g., on/off). Growatt New Energy of Cloud portal contains a vulnerability related to external control of system configuration or settings.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Growatt Cloud Applications is a monitoring platform of China's Growatt
VAR-202504-0976 CVE-2025-27719 Growatt New Energy  of  Cloud portal  Vulnerability in user-controlled key authentication evasion in CVSS V2: 5.0
CVSS V3: 5.3
Severity: Medium
Unauthenticated attackers can query an API endpoint and get device details. Growatt New Energy of Cloud portal Exists in a user-controlled key authentication evasion vulnerability.Information may be obtained. Growatt Cloud Applications is a monitoring platform of China's Growatt
VAR-202504-0987 CVE-2025-24315 Growatt Cloud Applications Security Bypass Vulnerability (CNVD-2025-14962) CVSS V2: 5.0
CVSS V3: 5.3
Severity: Medium
Unauthenticated attackers can add devices of other users to their scenes (or arbitrary scenes of other arbitrary users). Growatt Cloud Applications is a monitoring platform of China's Growatt
VAR-202504-0986 CVE-2025-31941 Growatt New Energy  of  Cloud portal  Vulnerability in user-controlled key authentication evasion in CVSS V2: 5.0
CVSS V3: 5.3
Severity: Medium
An unauthenticated attacker can obtain a list of smart devices by knowing a valid username. Growatt New Energy of Cloud portal Exists in a user-controlled key authentication evasion vulnerability.Information may be obtained. Growatt Cloud Applications is a monitoring platform of China's Growatt
VAR-202504-0973 CVE-2025-31357 Growatt Cloud Applications Information Disclosure Vulnerability (CNVD-2025-14959) CVSS V2: 5.0
CVSS V3: 5.3
Severity: Medium
An unauthenticated attacker can obtain a user's plant list by knowing the username. Growatt Cloud Applications is a monitoring platform of China's Growatt