cbcvebase.
CVE-2024-44102
published 2024-11-12

CVE-2024-44102: A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured)…

Priority P273 · critical · 10 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 1.00% (58.5th percentile)
A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000 V3.1 (6NH9910-0AA31-0AD1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 32 to 64 V3.1 (6NH9910-0AA31-0AF1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 64 to 256 V3.1 (6NH9910-0AA31-0AC1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 8 to 32 V3.1 (6NH9910-0AA31-0AB1) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 1000 V3.1 (6NH9910-0AA31-0AD0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 256 V3.1 (6NH9910-0AA31-0AC0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 32 V3.1 (6NH9910-0AA31-0AF0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 5000 V3.1 (6NH9910-0AA31-0AE0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 64 V3.1 (6NH9910-0AA31-0AB0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 8 V3.1 (6NH9910-0AA31-0AA0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic Serv Upgr (6NH9910-0AA31-0GA1) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic Upgr V3.1 (6NH9910-0AA31-0GA0) (All versions < V3.1.2.1 with redundancy configured). The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the affected software, an unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted serialized object. This could allow the attacker to execute arbitrary code on the device with SYSTEM privileges.

Affected

14 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | pp_telecontrol_server_basic_1000_to_5000_v3.1 | < V3.1.2.1 | V3.1.2.1 |
| siemens | pp_telecontrol_server_basic_256_to_1000_v3.1 | < V3.1.2.1 | V3.1.2.1 |
| siemens | pp_telecontrol_server_basic_32_to_64_v3.1 | < V3.1.2.1 | V3.1.2.1 |
| siemens | pp_telecontrol_server_basic_64_to_256_v3.1 | < V3.1.2.1 | V3.1.2.1 |
| siemens | pp_telecontrol_server_basic_8_to_32_v3.1 | < V3.1.2.1 | V3.1.2.1 |
| siemens | telecontrol_server_basic | >= 3.1 < 3.1.2.1 | 3.1.2.1 |
| siemens | telecontrol_server_basic_1000_v3.1 | < V3.1.2.1 | V3.1.2.1 |
| siemens | telecontrol_server_basic_256_v3.1 | < V3.1.2.1 | V3.1.2.1 |
| siemens | telecontrol_server_basic_32_v3.1 | < V3.1.2.1 | V3.1.2.1 |
| siemens | telecontrol_server_basic_5000_v3.1 | < V3.1.2.1 | V3.1.2.1 |
| siemens | telecontrol_server_basic_64_v3.1 | < V3.1.2.1 | V3.1.2.1 |
| siemens | telecontrol_server_basic_8_v3.1 | < V3.1.2.1 | V3.1.2.1 |
| siemens | telecontrol_server_basic_serv_upgr | < V3.1.2.1 | V3.1.2.1 |
| siemens | telecontrol_server_basic_upgr_v3.1 | < V3.1.2.1 | V3.1.2.1 |

Detection & IOCs (extracted from sources)

  • Exploit vector is unauthenticated remote deserialization of a maliciously crafted serialized object sent to the TeleControl Server Basic redundancy service; monitor for unexpected inbound serialized object traffic to the affected server.
  • The vulnerability is only exploitable when redundancy is configured; detection should focus on TeleControl Server Basic V3.1 instances with redundancy enabled running versions prior to V3.1.2.1.
  • Successful exploitation results in code execution with SYSTEM privileges; alert on unexpected SYSTEM-level process spawning from the TeleControl Server Basic process.
  • Network-level mitigation/detection: restrict and monitor access to TeleControl Server Basic systems; any connection from untrusted IPs to the redundancy service port should be treated as suspicious.
  • The vulnerability is only present when the redundancy feature is configured; systems without redundancy enabled are not affected even if running a vulnerable version.
  • No known public exploitation specifically targeting this vulnerability has been reported at the time of advisory publication.
  • CVSS v3.1 temporal vector includes E:P (proof-of-concept exploit exists) and RL:O (official fix available), indicating partial exploit code may be publicly available.

CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| nvd | v4.0 | 10.0 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |