CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32831
https://notcve.org/view.php?id=CVE-2025-32831
16 Apr 2025 — The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectUserRights' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. • https://cert-portal.siemens.com/productcert/html/ssa-443402.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32830
https://notcve.org/view.php?id=CVE-2025-32830
16 Apr 2025 — The affected application is vulnerable to SQL injection through the internally used 'UnlockProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. • https://cert-portal.siemens.com/productcert/html/ssa-443402.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32829
https://notcve.org/view.php?id=CVE-2025-32829
16 Apr 2025 — The affected application is vulnerable to SQL injection through the internally used 'LockProjectCrossCommunications' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. • https://cert-portal.siemens.com/productcert/html/ssa-443402.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32828
https://notcve.org/view.php?id=CVE-2025-32828
16 Apr 2025 — The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectCrossCommunications' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. • https://cert-portal.siemens.com/productcert/html/ssa-443402.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32827
https://notcve.org/view.php?id=CVE-2025-32827
16 Apr 2025 — The affected application is vulnerable to SQL injection through the internally used 'ActivateProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. • https://cert-portal.siemens.com/productcert/html/ssa-443402.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32826
https://notcve.org/view.php?id=CVE-2025-32826
16 Apr 2025 — The affected application is vulnerable to SQL injection through the internally used 'GetActiveProjects' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. • https://cert-portal.siemens.com/productcert/html/ssa-443402.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32825
https://notcve.org/view.php?id=CVE-2025-32825
16 Apr 2025 — The affected application is vulnerable to SQL injection through the internally used 'GetProjects' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. • https://cert-portal.siemens.com/productcert/html/ssa-443402.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32824
https://notcve.org/view.php?id=CVE-2025-32824
16 Apr 2025 — The affected application is vulnerable to SQL injection through the internally used 'UnlockProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. • https://cert-portal.siemens.com/productcert/html/ssa-443402.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32823
https://notcve.org/view.php?id=CVE-2025-32823
16 Apr 2025 — The affected application is vulnerable to SQL injection through the internally used 'LockProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. • https://cert-portal.siemens.com/productcert/html/ssa-443402.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32822
https://notcve.org/view.php?id=CVE-2025-32822
16 Apr 2025 — The affected application is vulnerable to SQL injection through the internally used 'DeleteProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. • https://cert-portal.siemens.com/productcert/html/ssa-443402.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •