CVE-2024-44102
published 2024-11-12
Priority: P273 | critical | 10 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 1.00% (58.5th percentile)
A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000 V3.1 (6NH9910-0AA31-0AD1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 32 to 64 V3.1 (6NH9910-0AA31-0AF1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 64 to 256 V3.1 (6NH9910-0AA31-0AC1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 8 to 32 V3.1 (6NH9910-0AA31-0AB1) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 1000 V3.1 (6NH9910-0AA31-0AD0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 256 V3.1 (6NH9910-0AA31-0AC0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 32 V3.1 (6NH9910-0AA31-0AF0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 5000 V3.1 (6NH9910-0AA31-0AE0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 64 V3.1 (6NH9910-0AA31-0AB0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 8 V3.1 (6NH9910-0AA31-0AA0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic Serv Upgr (6NH9910-0AA31-0GA1) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic Upgr V3.1 (6NH9910-0AA31-0GA0) (All versions < V3.1.2.1 with redundancy configured). The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the affected software, an unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted serialized object. This could allow the attacker to execute arbitrary code on the device with SYSTEM privileges.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | pp_telecontrol_server_basic_1000_to_5000_v3.1 | < V3.1.2.1 | V3.1.2.1 |
| siemens | pp_telecontrol_server_basic_256_to_1000_v3.1 | < V3.1.2.1 | V3.1.2.1 |
| siemens | pp_telecontrol_server_basic_32_to_64_v3.1 | < V3.1.2.1 | V3.1.2.1 |
| siemens | pp_telecontrol_server_basic_64_to_256_v3.1 | < V3.1.2.1 | V3.1.2.1 |
| siemens | pp_telecontrol_server_basic_8_to_32_v3.1 | < V3.1.2.1 | V3.1.2.1 |
| siemens | telecontrol_server_basic | >= 3.1 < 3.1.2.1 | 3.1.2.1 |
| siemens | telecontrol_server_basic_1000_v3.1 | < V3.1.2.1 | V3.1.2.1 |
| siemens | telecontrol_server_basic_256_v3.1 | < V3.1.2.1 | V3.1.2.1 |
| siemens | telecontrol_server_basic_32_v3.1 | < V3.1.2.1 | V3.1.2.1 |
| siemens | telecontrol_server_basic_5000_v3.1 | < V3.1.2.1 | V3.1.2.1 |
| siemens | telecontrol_server_basic_64_v3.1 | < V3.1.2.1 | V3.1.2.1 |
| siemens | telecontrol_server_basic_8_v3.1 | < V3.1.2.1 | V3.1.2.1 |
| siemens | telecontrol_server_basic_serv_upgr | < V3.1.2.1 | V3.1.2.1 |
| siemens | telecontrol_server_basic_upgr_v3.1 | < V3.1.2.1 | V3.1.2.1 |
Detection & IOCs (extracted from sources)
- Exploit vector is unauthenticated remote deserialization of a maliciously crafted serialized object sent to the TeleControl Server Basic redundancy service; monitor for unexpected inbound serialized object traffic to the affected server.
- The vulnerability is only exploitable when redundancy is configured; detection should focus on TeleControl Server Basic V3.1 instances with redundancy enabled running versions prior to V3.1.2.1.
- Successful exploitation results in code execution with SYSTEM privileges; alert on unexpected SYSTEM-level process spawning from the TeleControl Server Basic process.
- Network-level mitigation/detection: restrict and monitor access to TeleControl Server Basic systems; any connection from untrusted IPs to the redundancy service port should be treated as suspicious.
- The vulnerability is only present when the redundancy feature is configured; systems without redundancy enabled are not affected even if running a vulnerable version.
- No known public exploitation specifically targeting this vulnerability has been reported at the time of advisory publication.
- CVSS v3.1 temporal vector includes E:P (proof-of-concept exploit exists) and RL:O (official fix available), indicating partial exploit code may be publicly available.
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| nvd | v4.0 | 10.0 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
CISA ICS
Siemens TeleControl Server
cisa_ics·2024-11-14
ICS Advisory
## Siemens TeleControl Server
Release Date: November 14, 2024
Alert Code: ICSA-24-319-10
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v4 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: TeleControl Server
- Vulnerability: Deserialization of Untrusted Data
## 2. RISK EVALUATION
Successful exploitation of this vul
GHSA
GHSA-57qc-q8rc-w8h7: A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3
ghsa_unreviewed·2024-11-12
CVE-2024-44102 [CRITICAL] CWE-502 GHSA-57qc-q8rc-w8h7: A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3
No detection rules found.
No public exploits indexed.