CVE-2024-44102
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Summary
A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000 V3.1 (6NH9910-0AA31-0AD1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 32 to 64 V3.1 (6NH9910-0AA31-0AF1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 64 to 256 V3.1 (6NH9910-0AA31-0AC1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 8 to 32 V3.1 (6NH9910-0AA31-0AB1) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 1000 V3.1 (6NH9910-0AA31-0AD0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 256 V3.1 (6NH9910-0AA31-0AC0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 32 V3.1 (6NH9910-0AA31-0AF0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 5000 V3.1 (6NH9910-0AA31-0AE0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 64 V3.1 (6NH9910-0AA31-0AB0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 8 V3.1 (6NH9910-0AA31-0AA0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic Serv Upgr (6NH9910-0AA31-0GA1) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic Upgr V3.1 (6NH9910-0AA31-0GA0) (All versions < V3.1.2.1 with redundancy configured). The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the affected software, an unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted serialized object. This could allow the attacker to execute arbitrary code on the device with SYSTEM privileges.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens | PP TeleControl Server Basic 1000 to 5000 V3.1 | 0 < V3.1.2.1 | affected |
| Siemens | PP TeleControl Server Basic 256 to 1000 V3.1 | 0 < V3.1.2.1 | affected |
| Siemens | PP TeleControl Server Basic 32 to 64 V3.1 | 0 < V3.1.2.1 | affected |
| Siemens | PP TeleControl Server Basic 64 to 256 V3.1 | 0 < V3.1.2.1 | affected |
| Siemens | PP TeleControl Server Basic 8 to 32 V3.1 | 0 < V3.1.2.1 | affected |
| Siemens | TeleControl Server Basic 1000 V3.1 | 0 < V3.1.2.1 | affected |
| Siemens | TeleControl Server Basic 256 V3.1 | 0 < V3.1.2.1 | affected |
| Siemens | TeleControl Server Basic 32 V3.1 | 0 < V3.1.2.1 | affected |
| Siemens | TeleControl Server Basic 5000 V3.1 | 0 < V3.1.2.1 | affected |
| Siemens | TeleControl Server Basic 64 V3.1 | 0 < V3.1.2.1 | affected |
| Siemens | TeleControl Server Basic 8 V3.1 | 0 < V3.1.2.1 | affected |
| Siemens | TeleControl Server Basic Serv Upgr | 0 < V3.1.2.1 | affected |
| Siemens | TeleControl Server Basic Upgr V3.1 | 0 < V3.1.2.1 | affected |
Weaknesses
- CWE-502: CWE-502: Deserialization of Untrusted Data
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.