Denial-of-Service Vulnerability in SPPA-T3000 Application Server by Siemens
CVE-2019-18319

7.5HIGH

Key Information:

Vendor: Siemens
Status: Sppa-t3000 Application Server
Vendor: CVE Published:; 12 December 2019

Summary

A vulnerability in the SPPA-T3000 Application Server allows an attacker with network access to potentially cause a Denial-of-Service condition. This occurs when specially crafted objects are sent via Remote Method Invocation (RMI). Importantly, it does not relate to CVE-2019-18317 or CVE-2019-18318. As of the advisory's publication, there has been no public disclosure of active exploitation of this security flaw.

Affected Version(s)

SPPA-T3000 Application Server All versions < Service Pack R8.2 SP2

References

https://cert-portal.siemens.com/productcert/pdf/ssa-45144...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 12, 2019
Vulnerability Reserved
Oct 23, 2019