SSA-454789 PUBLISHED CVSS 10 CRITICAL

TeleControl Server Basic V3.1 contains a deserialization vulnerability that could allow an unauthenticated attacker to execute arbitrary code on the device. Siemens has released new versions for the affected products and recommends updating to the latest versions.

Risk Scores

CVSS v3.1
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

Affected Products

Vendor   Product   Versions
PP TeleControl Server Basic 32 to 64 V3.1 (6NH9910-0AA31-0AF1)
TeleControl Server Basic Upgr V3.1 (6NH9910-0AA31-0GA0)
TeleControl Server Basic 32 V3.1 (6NH9910-0AA31-0AF0)
TeleControl Server Basic 5000 V3.1 (6NH9910-0AA31-0AE0)
PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1)
TeleControl Server Basic 1000 V3.1 (6NH9910-0AA31-0AD0)
TeleControl Server Basic 256 V3.1 (6NH9910-0AA31-0AC0)
TeleControl Server Basic 8 V3.1 (6NH9910-0AA31-0AA0)
PP TeleControl Server Basic 64 to 256 V3.1 (6NH9910-0AA31-0AC1)
TeleControl Server Basic Serv Upgr (6NH9910-0AA31-0GA1)
TeleControl Server Basic 64 V3.1 (6NH9910-0AA31-0AB0)
PP TeleControl Server Basic 256 to 1000 V3.1 (6NH9910-0AA31-0AD1)
PP TeleControl Server Basic 8 to 32 V3.1 (6NH9910-0AA31-0AB1)
