SSA-454789

Siemens Security Advisory by Siemens ProductCERT

SSA-454789: Deserialization Vulnerability in TeleControl Server Basic V3.1

Publication Date:	2024-11-12
Last Update:	2024-11-12
Current Version:	V1.0
CVSS v3.1 Base Score:	10.0
CVSS v4.0 Base Score:	10.0

SUMMARY

TeleControl Server Basic V3.1 contains a deserialization vulnerability that could allow an unauthenticated attacker to execute arbitrary code on the device.

Siemens has released new versions for the affected products and recommends to update to the latest versions.

AFFECTED PRODUCTS AND SOLUTION

Un-/Collapse All

Affected Product and Versions	Remediation
TeleControl Server Basic V3.1	Update to V3.1.2.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109975921/ See further recommendations from section Workarounds and Mitigations
TeleControl Server Basic V3.1 Powerpacks	Update to V3.1.2.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109975921/ See further recommendations from section Workarounds and Mitigations
PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) All versions < V3.1.2.1 with redundancy configured affected by CVE-2024-44102	Update to V3.1.2.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109975921/ See further recommendations from section Workarounds and Mitigations
PP TeleControl Server Basic 256 to 1000 V3.1 (6NH9910-0AA31-0AD1) All versions < V3.1.2.1 with redundancy configured affected by CVE-2024-44102	Update to V3.1.2.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109975921/ See further recommendations from section Workarounds and Mitigations
PP TeleControl Server Basic 32 to 64 V3.1 (6NH9910-0AA31-0AF1) All versions < V3.1.2.1 with redundancy configured affected by CVE-2024-44102	Update to V3.1.2.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109975921/ See further recommendations from section Workarounds and Mitigations
PP TeleControl Server Basic 64 to 256 V3.1 (6NH9910-0AA31-0AC1) All versions < V3.1.2.1 with redundancy configured affected by CVE-2024-44102	Update to V3.1.2.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109975921/ See further recommendations from section Workarounds and Mitigations
PP TeleControl Server Basic 8 to 32 V3.1 (6NH9910-0AA31-0AB1) All versions < V3.1.2.1 with redundancy configured affected by CVE-2024-44102	Update to V3.1.2.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109975921/ See further recommendations from section Workarounds and Mitigations
TeleControl Server Basic V3.1 Full Versions	Update to V3.1.2.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109975921/ See further recommendations from section Workarounds and Mitigations
TeleControl Server Basic 1000 V3.1 (6NH9910-0AA31-0AD0) All versions < V3.1.2.1 with redundancy configured affected by CVE-2024-44102	Update to V3.1.2.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109975921/ See further recommendations from section Workarounds and Mitigations
TeleControl Server Basic 256 V3.1 (6NH9910-0AA31-0AC0) All versions < V3.1.2.1 with redundancy configured affected by CVE-2024-44102	Update to V3.1.2.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109975921/ See further recommendations from section Workarounds and Mitigations
TeleControl Server Basic 32 V3.1 (6NH9910-0AA31-0AF0) All versions < V3.1.2.1 with redundancy configured affected by CVE-2024-44102	Update to V3.1.2.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109975921/ See further recommendations from section Workarounds and Mitigations
TeleControl Server Basic 5000 V3.1 (6NH9910-0AA31-0AE0) All versions < V3.1.2.1 with redundancy configured affected by CVE-2024-44102	Update to V3.1.2.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109975921/ See further recommendations from section Workarounds and Mitigations
TeleControl Server Basic 64 V3.1 (6NH9910-0AA31-0AB0) All versions < V3.1.2.1 with redundancy configured affected by CVE-2024-44102	Update to V3.1.2.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109975921/ See further recommendations from section Workarounds and Mitigations
TeleControl Server Basic 8 V3.1 (6NH9910-0AA31-0AA0) All versions < V3.1.2.1 with redundancy configured affected by CVE-2024-44102	Update to V3.1.2.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109975921/ See further recommendations from section Workarounds and Mitigations
TeleControl Server Basic V3.1 Upgrade Packages	Update to V3.1.2.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109975921/ See further recommendations from section Workarounds and Mitigations
TeleControl Server Basic Serv Upgr (6NH9910-0AA31-0GA1) All versions < V3.1.2.1 with redundancy configured affected by CVE-2024-44102	Update to V3.1.2.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109975921/ See further recommendations from section Workarounds and Mitigations
TeleControl Server Basic Upgr V3.1 (6NH9910-0AA31-0GA0) All versions < V3.1.2.1 with redundancy configured affected by CVE-2024-44102	Update to V3.1.2.1 or later version https://support.industry.siemens.com/cs/ww/en/view/109975921/ See further recommendations from section Workarounds and Mitigations

WORKAROUNDS AND MITIGATIONS

Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:

Disable redundancy, if not used
Restrict access to the affected systems to trusted IP addresses only

Product-specific remediations or mitigations can be found in the section Affected Products and Solution.
Please follow the General Security Recommendations.

GENERAL SECURITY RECOMMENDATIONS

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

PRODUCT DESCRIPTION

TeleControl Server Basic allows remote monitoring and control of plants via WAN/LAN.

VULNERABILITY DESCRIPTION

Un-/Collapse All

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

Vulnerability CVE-2024-44102

The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the affected software, an unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted serialized object. This could allow the attacker to execute arbitrary code on the device with SYSTEM privileges.

CVSS v3.1 Base Score	10.0
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
CVSS v4.0 Base Score	10.0
CVSS v4.0 Vector	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
CWE	CWE-502: Deserialization of Untrusted Data

ACKNOWLEDGMENTS

Siemens thanks the following party for its efforts:

Tenable for coordinated disclosure

ADDITIONAL INFORMATION

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

HISTORY DATA

V1.0 (2024-11-12):

Publication Date

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.