Remote Code Execution Vulnerability in Siemens SPPA-T3000 Application Server
CVE-2019-18316
9.8CRITICAL
Key Information:
- Vendor
- Siemens
- Vendor
- CVE Published:
- 12 December 2019
Summary
A vulnerability exists in the Siemens SPPA-T3000 Application Server that allows an attacker with network access to execute arbitrary code remotely. The flaw is triggered by sending specially crafted packets to the server's TCP port 1099. An attacker must have network access to exploit this weakness, potentially compromising the security and functioning of the affected systems. As of the advisory's release, there were no known public exploits for this vulnerability, highlighting a window for organizations to take proactive measures.
Affected Version(s)
SPPA-T3000 Application Server All versions < Service Pack R8.2 SP2
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved