Directory Listing Vulnerability in SPPA-T3000 Application Server by Siemens
CVE-2019-18286

5.3MEDIUM

Key Information:

Vendor: Siemens
Status: Sppa-t3000 Application Server
Vendor: CVE Published:; 12 December 2019

What is CVE-2019-18286?

The SPPA-T3000 Application Server presents a vulnerability wherein directory listings and files containing sensitive information may be exposed. This situation arises in all versions prior to Service Pack R8.2 SP2, creating a potential risk for unauthorized access to sensitive data. While exploiting this vulnerability necessitates that an attacker gain access to the Application Highway, it poses a significant threat if not addressed. It is critical for users to take preventive measures to secure their systems against this type of exposure.

Affected Version(s)

SPPA-T3000 Application Server All versions < Service Pack R8.2 SP2

References

https://cert-portal.siemens.com/productcert/pdf/ssa-45144...

x_refsource_MISC

http://packetstormsecurity.com/files/155665/Siemens-Secur...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2019
Vulnerability Reserved
Oct 23, 2019