CVE-2025-29931
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-29931
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected product does not properly validate a length field in a serialized message which it uses to determine the amount of memory to be allocated for deserialization. This could allow an unauthenticated remote attacker to cause the application to allocate exhaustive amounts of memory and subsequently create a partial denial of service condition. Successful exploitation is only possible in redundant Telecontrol Server Basic setups and only if the connection between the redundant servers has been disrupted.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
长度参数不一致性处理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Siemens TeleControl Server Basic 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Siemens TeleControl Server Basic是德国西门子(Siemens)公司的一个工业远程控制器。 Siemens TeleControl Server Basic 3.1.2.2之前版本存在安全漏洞,该漏洞源于序列化消息中长度字段验证不足,可能导致拒绝服务攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Siemens | TeleControl Server Basic | 0 ~ V3.1.2.2 | - |
II. Public POCs for CVE-2025-29931
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-29931
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: TeleControl Server Basic
Same weakness: CWE-130
- CVE-2026-5766
Potential denial-of-service vulnerability in ASGI requests v - CVE-2026-33846
Gnutls: gnutls: denial of service via heap buffer overflow i - CVE-2026-3868
Moxa EDR-8010 Series和Moxa EDR-G9010 Series 安全漏洞 - CVE-2026-5265
Ovn: ovn: heap over-read in icmp error response generation - - CVE-2026-5367
Ovn: ovn: information disclosure via crafted dhcpv6 packets
V. Comments for CVE-2025-29931
No comments yet