1. Home
  2. CVE Database
  3. CVE-2025-29931
LOW · 3.7

CVE-2025-29931

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected product does not properly validate a length field in a serialized message which it uses to deter...

Vulnerability Description

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected product does not properly validate a length field in a serialized message which it uses to determine the amount of memory to be allocated for deserialization. This could allow an unauthenticated remote attacker to cause the application to allocate exhaustive amounts of memory and subsequently create a partial denial of service condition. Successful exploitation is only possible in redundant Telecontrol Server Basic setups and only if the connection between the redundant servers has been disrupted.

CVSS Score

3.7

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
LOW

Affected Products

VendorProductVersions
SiemensTelecontrol Server Basic< 3.1.2.2

Related Weaknesses (CWE)

CWE-130

References

FAQ

What is CVE-2025-29931?

CVE-2025-29931 is a vulnerability with a CVSS score of 3.7 (LOW). A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected product does not properly validate a length field in a serialized message which it uses to deter...

How severe is CVE-2025-29931?

CVE-2025-29931 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-29931?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Telecontrol Server Basic.