CVE-2025-29931
CVE-2025-29931
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.3EPSS 0.4%KEV nãoPoC —Patch —
Ciclo de vida
17 abr 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected product does not properly validate a length field in a serialized message which it uses to determine the amount of memory to be allocated for deserialization. This could allow an unauthenticated remote attacker to cause the application to allocate exhaustive amounts of memory and subsequently create a partial denial of service condition.
Successful exploitation is only possible in redundant Telecontrol Server Basic setups and only if the connection between the redundant servers has been disrupted.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Produtos afetados
Siemens · TeleControl Server BasicQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →