CVE-2025-27495

Critical | Proof-of-Concept

Siemens TeleControl Server Basic SQL Injection

9.8

CVSS v3.1 Base Score

Critical severity — Immediate action required

AV: Network | AC: Low | Auth: Required

SQL injection in Siemens TeleControl Server Basic — used for remote monitoring and control of distributed infrastructure (substations, pump stations, RTUs). Exploitation enables database compromise and potential OS-level code execution via xp_cmdshell. TeleControl servers typically manage geographically distributed OT assets.

Status: Proof-of-Concept
Complexity: Low
Auth Required: Yes
Initial Access: Authenticated access to TeleControl web management interface

Known Techniques
  • UNION-based SQL injection for data exfiltration
  • Stacked queries to enable xp_cmdshell for OS command execution
  • Time-based blind SQL injection for data extraction

Published: 2025-03-01
Modified: 2025-03-18
Vendor: Siemens
CWE: CWE-89 (Improper Neutralization of Special Elements used in an SQL Command)

Risk Summary
Overall Risk: Critical
Exploitation: Proof-of-Concept
Detection: High coverage
Detection Rate: 89%
Rules Available: 3