← Back to CVEs
CVE-2025-29931
LOW3.7
Description
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected product does not properly validate a length field in a serialized message which it uses to determine the amount of memory to be allocated for deserialization. This could allow an unauthenticated remote attacker to cause the application to allocate exhaustive amounts of memory and subsequently create a partial denial of service condition. Successful exploitation is only possible in redundant Telecontrol Server Basic setups and only if the connection between the redundant servers has been disrupted.
CVE Details
CVSS v3.1 Score3.7
SeverityLOW
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack VectorNETWORK
ComplexityHIGH
Privileges RequiredNONE
User InteractionNONE
Published4/17/2025
Last Modified8/19/2025
Sourcenvd
Honeypot Sightings0
Affected Products
siemens:telecontrol_server_basic
Weaknesses (CWE)
CWE-130
References
https://cert-portal.siemens.com/productcert/html/ssa-395348.html(productcert@siemens.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.