Denial-of-Service Vulnerability in SPPA-T3000 MS3000 Migration Server
CVE-2019-18289

9.8CRITICAL

Key Information:

Vendor: Siemens
Status: Sppa-t3000 Ms3000 Migration Server
Vendor: CVE Published:; 12 December 2019

Summary

A vulnerability in the SPPA-T3000 MS3000 Migration Server allows an attacker with network access to send specially crafted packets to port 5010/tcp, potentially causing a Denial-of-Service condition and enabling remote code execution. This vulnerability requires network access for exploitation and is distinct from other identified vulnerabilities like CVE-2019-18293, CVE-2019-18295, and CVE-2019-18296. No public exploitation of this vulnerability was reported at the time of the advisory.

Affected Version(s)

SPPA-T3000 MS3000 Migration Server All versions

References

https://cert-portal.siemens.com/productcert/pdf/ssa-45144...

x_refsource_MISC

http://packetstormsecurity.com/files/155665/Siemens-Secur...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 12, 2019
Vulnerability Reserved
Oct 23, 2019