OTPulse

Multiple Vulnerabilities in TeleControl Server Basic before V3.1.2.0

Act Now · 8.8 · SSA-556635 · Apr 9, 2024
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

TeleControl Server Basic V3 before V3.1.2.0 contains multiple vulnerabilities across memory management (CWE-415, CWE-416, CWE-119), integer handling (CWE-190), cryptography (CWE-326, CWE-311, CWE-295), path traversal (CWE-22, CWE-73), input validation (CWE-20), and null pointer handling (CWE-476, CWE-754, CWE-1333). These flaws allow an authenticated user to read confidential data, modify operations, or cause denial of service on the TeleControl server.

What this means
What could happen
Multiple vulnerabilities in TeleControl Server Basic could allow an authenticated attacker to read sensitive data, modify system behavior, or crash the server. The affected device controls remote SCADA operations, so exploitation could disrupt monitoring and control of substations, generation facilities, or critical infrastructure networks.
Who's at risk
Operators of SCADA systems, utility control centers, and substations using Siemens TeleControl Server Basic for remote device management and monitoring should prioritize this update. Any site relying on this software for remote RTU or IED communication across wide-area networks is affected.
How it could be exploited
An attacker with valid login credentials to the TeleControl Server Basic web interface could send specially crafted requests to trigger memory corruption, path traversal, integer overflow, or weak cryptography flaws. By chaining these vulnerabilities, the attacker could execute commands on the server with the same privileges as the service, potentially allowing them to alter operator commands or inject malicious data into the control channel.
Prerequisites
  • Valid login credentials to TeleControl Server Basic web interface
  • Network access to the TeleControl Server Basic on port 80 or 443
  • Target device running version 3.1.2.0 or earlier
remotely exploitable · requires valid credentials · low complexity attack · high EPSS score (88.5%) · affects SCADA/control operations · multiple vulnerability classes
Exploitability
High exploit probability (EPSS 88.5%)
Affected products (1)
Product | Affected Versions | Fix Status
TeleControl Server Basic V3 | <V3.1.2 | 3.1.2
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update TeleControl Server Basic to version 3.1.2 or later