CVE-2025-40942 — Vulnetix

CVE-2025-40942 PUBLISHED CVSS 8.800000190734863 HIGH

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.4). Affected application contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges.

EPSS 0.01% · 0.9th percentile

Risk Scores

CVSS v3.1

8.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score

0.01%

0.9th percentile

Affected Products

Vendor	Product	Versions
Siemens	TeleControl Server Basic	0
siemens	telecontrol_server_basic	0

Timeline

Jan 13, 2026 EPSS Score
Jan 13, 2026 CVE Published
Jan 13, 2026 PoC Published
Jan 13, 2026 PoC Published
Jan 13, 2026 CVE Updated
Jan 16, 2026 EPSS Score
Jan 19, 2026 EPSS Score
Jan 22, 2026 EPSS Score
Jan 25, 2026 EPSS Score
Jan 28, 2026 EPSS Score
Jan 31, 2026 EPSS Score
Feb 3, 2026 EPSS Score

References

https://cert-portal.siemens.com/productcert/html/ssa-192617.html url
https://nvd.nist.gov/vuln/detail/CVE-2025-40942 advisory

Open in Interactive Console →