← Volver a CVEs
CVE-2025-29931
LOW3.7
Descripcion
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected product does not properly validate a length field in a serialized message which it uses to determine the amount of memory to be allocated for deserialization. This could allow an unauthenticated remote attacker to cause the application to allocate exhaustive amounts of memory and subsequently create a partial denial of service condition. Successful exploitation is only possible in redundant Telecontrol Server Basic setups and only if the connection between the redundant servers has been disrupted.
Detalles CVE
Puntuacion CVSS v3.13.7
SeveridadLOW
Vector CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Vector de ataqueNETWORK
ComplejidadHIGH
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado4/17/2025
Ultima modificacion8/19/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
siemens:telecontrol_server_basic
Debilidades (CWE)
CWE-130
Referencias
https://cert-portal.siemens.com/productcert/html/ssa-395348.html(productcert@siemens.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.