   Siemens TeleControl Server Basic   
      
   As of January 10, 2023, CISA will no longer be updating ICS security   
   advisories for Siemens product vulnerabilities beyond the initial   
   advisory. For the most up-to-date information on vulnerabilities in this   
   advisory, please see Siemens' ProductCERT Security Advisories (CERT Services |   
   Services | Siemens Global).    
   1. EXECUTIVE SUMMARY   
       
   - CVSS v4 6.3
   
   - ATTENTION: Exploitable remotely
   
   - Vendor: Siemens
   
   - Equipment: TeleControl Server Basic
   
   - Vulnerability: Improper Handling of Length Parameter   
   Inconsistency
   
       
   2. RISK EVALUATION   
   Successful exploitation of this vulnerability could allow an attacker to   
   cause the application to allocate exhaustive amounts of memory and   
   subsequently create a denial-of-service condition.    
   3. TECHNICAL DETAILS   
   3.1 AFFECTED PRODUCTS   
   Siemens reports that the following products are affected:    
      
   - TeleControl Server Basic: Versions prior to V3.1.2.2
   
       
   3.2 VULNERABILITY OVERVIEW   
      
   The affected product does not properly validate a length field in a   
   serialized message, which it uses to determine the amount of memory to be   
   allocated for deserialization. This could allow an unauthenticated remote   
   attacker to cause the application to allocate exhaustive amounts of memory and   
   subsequently create a partial denial-of-service condition. Successful   
   exploitation is only possible in redundant TeleControl Server Basic setups and   
   only if the connection between the redundant servers has been disrupted.    
   CVE-2025-29931 has been assigned to this vulnerability. A
   CVSS v3.1 base score of 3.7 has been calculated; the CVSS vector string is
   (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
   A CVSS v4 score has also been calculated for CVE-2025-29931. A base score of 6.3 has been calculated;
   the CVSS vector string is
   (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N).
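
The class of flaw described in 3.2, seen from the receiving side, as an added example (not Siemens or CISA code, and not the TeleControl Server Basic wire format). It assumes a hypothetical frame with a 4-byte big-endian length field and one complete received message in the buffer; the decoder caps the declared length at an assumed MAX_PAYLOAD and checks it against the bytes actually received before allocating. All names and the limit are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical framing: 4-byte big-endian payload length, then payload. */
#define HDR_LEN     4u
#define MAX_PAYLOAD (64u * 1024u)   /* assumed application limit */

enum frame_status { FRAME_OK, FRAME_SHORT_HEADER, FRAME_TOO_LARGE,
                    FRAME_LEN_MISMATCH, FRAME_NO_MEM };

/* Read the length field exactly as sent by the peer (untrusted input). */
static uint32_t declared_len(const uint8_t *buf)
{
    return ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
           ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];
}

/* Decode one frame from buf[0..buf_len). On FRAME_OK, *out holds a copy of
 * the payload that the caller must free. */
enum frame_status decode_frame(const uint8_t *buf, size_t buf_len,
                               uint8_t **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (buf_len < HDR_LEN)
        return FRAME_SHORT_HEADER;

    uint32_t n = declared_len(buf);
    /* Cap first: the allocation size must never be chosen by the peer. */
    if (n > MAX_PAYLOAD)
        return FRAME_TOO_LARGE;
    /* Consistency: the declared length must not exceed the bytes received. */
    if ((size_t)n > buf_len - HDR_LEN)
        return FRAME_LEN_MISMATCH;

    uint8_t *p = malloc(n ? n : 1);   /* avoid malloc(0) ambiguity */
    if (p == NULL)
        return FRAME_NO_MEM;
    memcpy(p, buf + HDR_LEN, n);
    *out = p;
    *out_len = n;
    return FRAME_OK;
}
```

A decoder that skips both checks would pass the declared value straight to the allocator, which is the memory-exhaustion condition the advisory describes.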
   3.3 BACKGROUND   
      
   - CRITICAL INFRASTRUCTURE SECTORS: Energy, Water and   
   Wastewater Systems, Transportation Systems
   
   - COUNTRIES/AREAS DEPLOYED: Worldwide
   
   - COMPANY HEADQUARTERS LOCATION: Germany
   
       
   3.4 RESEARCHER   
   Jin Huang from ADLab of Venustech coordinated this vulnerability with   
   Siemens.    
   4. MITIGATIONS   
   Siemens has released a new version for TeleControl Server Basic and
   recommends updating to the latest version.
      
   - Update to V3.1.2.2 or later version.
   
       
   Siemens has identified the following specific workarounds and mitigations   
   users can apply to reduce risk:    
      
   - Disable TeleControl Server Basic redundancy, if not used.
   
       
   As a general security measure, Siemens recommends protecting network access   
   to devices with appropriate mechanisms. To operate the devices in a protected   
   IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security   
   and following recommendations in the product manuals.    
   Additional information on industrial security by Siemens can be found on the   
   Siemens   
   industrial security webpage.    
   For more information see the associated Siemens security advisory SSA-395348   
   in HTML and CSAF.    
   CISA recommends users take defensive measures to minimize the risk of   
   exploitation of this vulnerability, such as:    
      
   - Minimize network exposure for all control system devices and/or systems,
   ensuring they are not accessible from the internet.
   
   - Locate control system networks and remote devices behind firewalls and
   isolate them from business networks.
   
   - When remote access is required, use more secure methods, such as Virtual   
   Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be   
   updated to the most recent version available, and are only as secure as the   
   connected devices.
   
       
   CISA reminds organizations to perform proper impact analysis and risk   
   assessment prior to deploying defensive measures.    
   CISA also provides a section for control systems   
   security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense   
   best practices are available for reading and download, including Improving Industrial   
   Control Systems Cybersecurity with Defense-in-Depth Strategies.    
   CISA encourages organizations to implement recommended cybersecurity   
   strategies for proactive defense of ICS assets.    
   Additional mitigation guidance and recommended practices are publicly   
   available on the ICS webpage at cisa.gov in the technical information   
   paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and   
   Mitigation Strategies.    
   Organizations observing suspected malicious activity should follow   
   established internal procedures and report findings to CISA for tracking and   
   correlation against other incidents.    
   No known public exploitation specifically targeting this vulnerability has   
   been reported to CISA at this time. This vulnerability has a high attack   
   complexity.    
   5. UPDATE HISTORY   
      
   - April 22, 2025: Initial Republication of Siemens ProductCERT   
   SSA-395348
   
       
      
   https://www.cisa.gov/news-events/ics-advisories/icsa-25-112-02   
      
   2025-04-22 12:00 UTC   
      