Siemens TeleControl Server Basic
Low Risk | CVSS 3.7 | ICS-CERT ICSA-25-112-02 | Apr 16, 2025
Siemens
Attack path
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary
TeleControl Server Basic before V3.1.2.2 contains an improper handling of length parameter inconsistency vulnerability (CWE-130) that could allow an attacker to cause the application to allocate exhaustive amounts of memory and create a denial of service condition. The vulnerability has high attack complexity and no known public exploitation has been reported.
What this means
What could happen
An attacker could send specially crafted network traffic to TeleControl Server Basic that causes the application to consume excessive memory, making it unresponsive and unable to relay control commands to remote substations or generation facilities.
Who's at risk
Water authorities and municipal electric utilities using Siemens TeleControl Server Basic as the central point for SCADA communications with remote substations and generation facilities. Any organization running versions before 3.1.2.2 that relies on this server for remote device monitoring and control is affected.
How it could be exploited
An attacker on the network sends malformed protocol packets with inconsistent length parameters to the TeleControl Server Basic application. The application mishandles the parameter and allocates memory based on the incorrect value, exhausting available memory until the process crashes or becomes unresponsive.
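The length check that this class of bug (CWE-130) calls for, as an added example that is not Siemens code and not part of the original advisory. The 4-byte big-endian length header, the MAX_PAYLOAD cap and all function names are assumptions for illustration; the parser allocates only after the declared length has been checked against the cap and against the bytes actually received.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed policy limit for this example, not a product value. */
#define MAX_PAYLOAD 4096u
#define HDR_LEN 4u

enum frame_status { FRAME_OK, FRAME_NEED_MORE, FRAME_TOO_LARGE, FRAME_NO_MEM };

/* Hypothetical frame: 4-byte big-endian payload length, then the payload. */
static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Copies one payload out of buf. Memory is allocated only after the declared
 * length passes the cap and matches the number of bytes actually received. */
enum frame_status parse_frame(const uint8_t *buf, size_t buf_len,
                              uint8_t **payload, size_t *payload_len)
{
    *payload = NULL;
    *payload_len = 0;
    if (buf_len < HDR_LEN)
        return FRAME_NEED_MORE;            /* header incomplete */
    uint32_t declared = read_be32(buf);
    if (declared > MAX_PAYLOAD)
        return FRAME_TOO_LARGE;            /* reject before any allocation */
    if ((size_t)declared > buf_len - HDR_LEN)
        return FRAME_NEED_MORE;            /* declared length exceeds data */
    uint8_t *copy = malloc(declared ? declared : 1);
    if (copy == NULL)
        return FRAME_NO_MEM;
    memcpy(copy, buf + HDR_LEN, declared);
    *payload = copy;
    *payload_len = declared;
    return FRAME_OK;
}

int main(void)
{
    /* Constructed input: header declares 0xFFFFFFFF bytes, one byte follows. */
    const uint8_t bad[] = { 0xFF, 0xFF, 0xFF, 0xFF, 'x' };
    uint8_t *p; size_t n;
    printf("status=%d\n", parse_frame(bad, sizeof bad, &p, &n));
    return 0;
}
```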
Prerequisites
- Network access to TeleControl Server Basic (typically on port 102 or similar for IEC 60870-5-104 protocol)
- No credentials required
- High attack complexity—attacker must craft specific malformed packets
- Remotely exploitable
- No authentication required
- Affects SCADA communication—loss of availability impacts operational control
- High attack complexity limits practical exploitation risk
Exploitability
Unlikely to be exploited — EPSS score 0.4%
Affected products (1)
Product | Affected Versions | Fix Status
TeleControl Server Basic | <V3.1.2.2 | 3.1.2.2
Remediation & Mitigation
Do now
WORKAROUND: Disable TeleControl Server Basic redundancy if it is not required for your operations
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update TeleControl Server Basic to version 3.1.2.2 or later
Long-term hardening
HARDENING: Restrict network access to TeleControl Server Basic by implementing firewall rules to allow only trusted substations, RTUs, and engineering workstations to reach the server
HARDENING: Isolate TeleControl Server Basic from the business network and the internet; it should only be reachable from the control network
CVEs (1)