CVE-2024-44102Deserialization of Untrusted Data in Siemens PP Telecontrol Server Basic 1000 TO 5000 V3.1

CWE-502Deserialization of Untrusted Data3 documents3 sources
Severity
10.0CRITICALNVD
EPSS
8.7%
top 7.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
Siemens PP Telecontrol Server Basic 1000 TO 5000 V3.1Siemens PP Telecontrol Server Basic 256 TO 1000 V3.1Siemens PP Telecontrol Server Basic 32 TO 64 V3.1+11 more
Timeline
PublishedNov 12

Description

A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000 V3.1 (6NH9910-0AA31-0AD1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 32 to 64 V3.1 (6NH9910-0AA31-0AF1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 64 to 256 V3.1 (6NH9910-0AA31-0AC1) (All versions < V3.1.2.1 with redundanc

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Packages14 packages

Patches

Patch: cert-portal.siemens.com

🔴Vulnerability Details

2
CVEList
CVE-2024-44102: A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V32024-11-12
GHSA
GHSA-57qc-q8rc-w8h7: A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V32024-11-12
CVE-2024-44102 — Deserialization of Untrusted Data | cvebase