CVE-2025-40765 is a critical security vulnerability identified in Siemens TeleControl Server Basic version 3.1.2.2. The flaw is categorized as CWE-306, indicating missing authentication for a critical function. Specifically, the vulnerability allows an unauthenticated remote attacker to access password hashes of users and subsequently perform authenticated operations on the database service without any valid credentials. The vulnerability affects all versions from 3.1.2.2 up to but not including 3.1.2.3. The root cause is the absence of proper authentication checks on sensitive functions within the TeleControl Server Basic application, which is used for industrial control and telecontrol systems. The CVSS v3.1 base score is 9.8, reflecting the vulnerability’s ease of exploitation (network attack vector, no privileges or user interaction required) and its severe impact on confidentiality, integrity, and availability. Although no public exploits have been reported yet, the potential for attackers to gain full control over the database service and extract sensitive credential information poses a significant threat. Siemens has not yet released a patch, but the vulnerability is publicly disclosed, increasing the urgency for mitigation. This vulnerability could be leveraged to compromise industrial control systems, disrupt operations, or facilitate further lateral movement within critical infrastructure networks.

For European organizations, especially those operating in industrial control systems (ICS), energy, manufacturing, and critical infrastructure sectors, this vulnerability poses a severe risk. Siemens TeleControl Server Basic is commonly deployed in SCADA and telecontrol environments that manage critical processes. Exploitation could lead to unauthorized access to sensitive credentials, enabling attackers to manipulate control systems, disrupt operations, or cause physical damage. The compromise of database services could also lead to data theft, operational downtime, and loss of trust. Given the critical nature of these systems, any disruption could have cascading effects on national infrastructure, economic stability, and public safety. Additionally, the lack of authentication requirements makes it easier for attackers to exploit the vulnerability remotely, increasing the attack surface. European organizations with remote access to these systems or insufficient network segmentation are particularly vulnerable.

1. Immediately restrict network access to the TeleControl Server Basic service using firewalls, VPNs, or network segmentation to limit exposure to trusted hosts only. 2. Monitor network traffic for unusual access patterns or attempts to connect to the vulnerable service. 3. Implement strict access control policies and multi-factor authentication on all related systems to reduce risk if credentials are compromised. 4. Regularly audit and rotate passwords and credentials stored or used by the TeleControl Server Basic application. 5. Apply any Siemens patches or updates as soon as they become available; coordinate with Siemens support for early access or workarounds. 6. Conduct thorough security assessments and penetration tests on ICS environments to identify and remediate similar authentication weaknesses. 7. Employ intrusion detection/prevention systems (IDS/IPS) tuned to detect exploitation attempts targeting this vulnerability. 8. Educate operational technology (OT) and IT teams about this vulnerability and enforce strict change management and incident response procedures.