CVE-2025-29931

CWE-1303 documents3 sources

Severity

6.3MEDIUM

EPSS

0.3%

top 42.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Telecontrol Server Basic

Timeline

PublishedApr 17

Description

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected product does not properly validate a length field in a serialized message which it uses to determine the amount of memory to be allocated for deserialization. This could allow an unauthenticated remote attacker to cause the application to allocate exhaustive amounts of memory and subsequently create a partial denial of service condition. Successful exploitation is only possible in redundant Te…

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5siemens/telecontrol_server_basic< V3.1.2.2

▶NVDsiemens/telecontrol< 3.1.2.2

🔴Vulnerability Details

GHSA

GHSA-5659-7353-7w5p: A vulnerability has been identified in TeleControl Server Basic (All versions < V3↗2025-04-17

▶

CVEList

CVE-2025-29931: A vulnerability has been identified in TeleControl Server Basic (All versions < V3↗2025-04-17

▶