ID

VAR-201912-1238


CVE

CVE-2019-18333


TITLE

SPPA-T3000 Application Server Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-013044

DESCRIPTION

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain access to filenames on the server by sending specifically crafted packets to 8090/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. SPPA-T3000 Application Server contains an information disclosure vulnerability. Information may be obtained. Siemens SPPA-T3000 Application Server is a Java-based application server from Siemens, Germany. The vulnerability stems from configuration errors in the network system or product during operation. An unauthorized attacker could use the vulnerability to obtain sensitive information about the affected component.

Trust: 2.16

sources: NVD: CVE-2019-18333 // JVNDB: JVNDB-2019-013044 // CNVD: CNVD-2020-04292

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-04292

AFFECTED PRODUCTS

vendor: siemens, model: sppa-t3000 application server, scope: lt, version: r8.2

Trust: 1.0

vendor: siemens, model: sppa-t3000 application server, scope: eq, version: r8.2

Trust: 1.0

vendor: siemens, model: sppa-t3000 application server, scope: -, version: -

Trust: 0.8

vendor: siemens, model: sppa-t3000 application server all versions, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2020-04292 // JVNDB: JVNDB-2019-013044 // NVD: CVE-2019-18333

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18333
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-18333
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-04292
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201912-649
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-18333
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-04292
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-18333
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2019-18333
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-04292 // JVNDB: JVNDB-2019-013044 // CNNVD: CNNVD-201912-649 // NVD: CVE-2019-18333

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2019-013044 // NVD: CVE-2019-18333

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-649

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201912-649

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013044

PATCH

title: SSA-451445, url: https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf

Trust: 0.8

title: Patch for SPPA-T3000 Application Server Information Disclosure Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/199545

Trust: 0.6

title: Siemens SPPA-T3000 Application Server Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105411

Trust: 0.6

sources: CNVD: CNVD-2020-04292 // JVNDB: JVNDB-2019-013044 // CNNVD: CNNVD-201912-649

EXTERNAL IDS

db: NVD, id: CVE-2019-18333

Trust: 3.0

db: SIEMENS, id: SSA-451445

Trust: 1.6

db: ICS CERT, id: ICSA-19-351-02

Trust: 1.4

db: JVNDB, id: JVNDB-2019-013044

Trust: 0.8

db: CNVD, id: CNVD-2020-04292

Trust: 0.6

db: AUSCERT, id: ESB-2019.4705

Trust: 0.6

db: CNNVD, id: CNNVD-201912-649

Trust: 0.6

sources: CNVD: CNVD-2020-04292 // JVNDB: JVNDB-2019-013044 // CNNVD: CNNVD-201912-649 // NVD: CVE-2019-18333

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2019-18333

Trust: 2.0

url: https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf

Trust: 1.6

url: https://www.us-cert.gov/ics/advisories/icsa-19-351-02

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18333

Trust: 0.8

url: https://www.auscert.org.au/bulletins/esb-2019.4705/

Trust: 0.6

sources: CNVD: CNVD-2020-04292 // JVNDB: JVNDB-2019-013044 // CNNVD: CNNVD-201912-649 // NVD: CVE-2019-18333

SOURCES

db: CNVD, id: CNVD-2020-04292
db: JVNDB, id: JVNDB-2019-013044
db: CNNVD, id: CNNVD-201912-649
db: NVD, id: CVE-2019-18333

LAST UPDATE DATE

2024-08-14T13:25:14.095000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-04292, date: 2020-02-07T00:00:00
db: JVNDB, id: JVNDB-2019-013044, date: 2019-12-26T00:00:00
db: CNNVD, id: CNNVD-201912-649, date: 2022-02-25T00:00:00
db: NVD, id: CVE-2019-18333, date: 2022-03-04T20:51:12.917

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-04292, date: 2020-02-07T00:00:00
db: JVNDB, id: JVNDB-2019-013044, date: 2019-12-19T00:00:00
db: CNNVD, id: CNNVD-201912-649, date: 2019-12-12T00:00:00
db: NVD, id: CVE-2019-18333, date: 2019-12-12T19:15:19.763