OTPulse
FeedAboutContact

Improper Handling of Length Parameter Inconsistency Vulnerability in TeleControl Server Basic before V3.1.2.2

Low Risk3.7SSA-395348Apr 16, 2025
Attack VectorNetwork
Auth RequiredNone
ComplexityHigh
User InteractionNone needed
Summary

TeleControl Server Basic before V3.1.2.2 contains an Improper Handling of Length Parameter Inconsistency Vulnerability (CWE-130). An attacker could send malformed messages to the server that cause incorrect memory allocation, leading to exhaustive memory consumption and denial of service. The vulnerability allows an unauthenticated attacker with network access to the application to crash the service.

What this means
What could happen
An attacker could send specially crafted network messages to the TeleControl Server Basic, causing it to consume excessive memory and become unresponsive, which would interrupt SCADA communications and remote control operations.
Who's at risk
SCADA operators and system administrators responsible for remote terminal units (RTUs) or other field devices controlled through Siemens TeleControl Server Basic installations. This impacts any utility or industrial facility using TeleControl for remote operations and monitoring.
How it could be exploited
An attacker with network access to the TeleControl Server Basic application would send a malformed message with an inconsistent length parameter. The server would mishandle the length value, allocating memory based on the incorrect size, eventually exhausting system memory and crashing the application.
Prerequisites
  • Network access to the TeleControl Server Basic on its service port
  • No authentication required
remotely exploitableno authentication requireddenial of service impact
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
ProductAffected VersionsFix Status
TeleControl Server Basic< V3.1.2.23.1.2.2
Remediation & Mitigation
0/1
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate TeleControl Server Basic to version 3.1.2.2 or later
View full Siemens ProductCERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/cca3926b-6f18-45c9-be86-bd44b5f8cb31
Improper Handling of Length Parameter Inconsistency Vulnerability in TeleControl Server Basic before V3.1.2.2 | CVSS 3.7 - OTPulse