CVE-2025-29931

· Published 17/04/2025 11:15 · Modified 17/04/2025 20:21

Labels: CVE-2025-29931, 2025-04-17, CWE-130, [email protected]

Essential information

Published: 17/04/2025 11:15
Modified: 17/04/2025 20:21
CVSS: 6.3 MEDIUM (v3), 6.3 MEDIUM (v4.0)
CISA KEV: No
CWE: CWE-130

Description

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected product does not properly validate a length field in a serialized message which it uses to determine the amount of memory to be allocated for deserialization. This could allow an unauthenticated remote attacker to cause the application to allocate exhaustive amounts of memory and subsequently create a partial denial of service condition. Successful exploitation is only possible in redundant TeleControl Server Basic setups and only if the connection between the redundant servers has been disrupted.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]

Affected products (CPE)

Product: siemens / telecontrol server basic
CPE: cpe:2.3:a:siemens:telecontrol_server_basic:<3.1.2.2:*:*:*:*:*:*:*

References