Siemens TeleControl Server Basic SQL Injection Vulnerability Allowing Database Access and Code Execution

A SQL injection vulnerability has been identified in Siemens TeleControl Server Basic, affecting all versions prior to V3.1.2.2. The vulnerability arises in the 'LockProject' method, allowing authenticated remote attackers to bypass authorization controls, manipulate the application's database, and execute code with 'NT AUTHORITY\NetworkService' permissions. Exploitation requires access to port 8000 on the affected system.

Impact

Exploitation of this vulnerability could lead to unauthorized database access and manipulation, execution of code in the operating system shell with limited 'NT AUTHORITY\NetworkService' permissions, and potentially cause a denial-of-service condition.

Remediation

Users are advised to update TeleControl Server Basic to version V3.1.2.2 or later. For specific guidance, refer to the Siemens support page for TeleControl Server Basic. As an additional measure, restrict access to port 8000 on affected systems to trusted IP addresses only.