Application Server Vulnerability in SPPA-T3000 by Siemens
CVE-2019-18335

5.3MEDIUM

Key Information:

Vendor: Siemens
Status: Sppa-t3000 Application Server
Vendor: CVE Published:; 12 December 2019

What is CVE-2019-18335?

A vulnerability in the SPPA-T3000 Application Server allows an attacker with network access to potentially gain unauthorized access to sensitive logs and configuration files. By sending specifically crafted packets to port 80/tcp, an attacker may exploit this weakness to extract critical information. It's important to note that exploitation requires network access to the Application Server. As of the advisory publication date, there have been no known public exploits targeting this security issue.

Affected Version(s)

SPPA-T3000 Application Server All versions < Service Pack R8.2 SP2

References

https://cert-portal.siemens.com/productcert/pdf/ssa-45144...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2019
Vulnerability Reserved
Oct 23, 2019