CVE-2025-40942: Local Priv. Escalation in TeleControl Server Basic < 3.1.2.4
CVE-2025-40942 Published on January 13, 2026
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.4). Affected application contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges.
Weakness Type
Execution with Unnecessary Privileges
The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
Products Associated with CVE-2025-40942
Want to know whenever a new CVE is published for Siemens Telecontrol Server Basic? stack.watch will email you.
Affected Versions
Siemens TeleControl Server Basic:- Before V3.1.2.4 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.