Details of VAR-201912-1238

ID

VAR-201912-1238

CVE

CVE-2019-18333

TITLE

SPPA-T3000 Application Server Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-013044

DESCRIPTION

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain access to filenames on the server by sending specifically crafted packets to 8090/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. SPPA-T3000 Application Server Contains an information disclosure vulnerability.Information may be obtained. Siemens SPPA-T3000 Application Server is a Java-based application server from Siemens, Germany. The vulnerability stems from configuration errors in the network system or product during operation. An unauthorized attacker could use the vulnerability to obtain sensitive information about the affected component

Trust: 2.16

sources: NVD: CVE-2019-18333 // JVNDB: JVNDB-2019-013044 // CNVD: CNVD-2020-04292

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-04292

AFFECTED PRODUCTS

vendor:	siemens	model:	sppa-t3000 application server	scope:	lt	version:	r8.2	Trust: 1.0
vendor:	siemens	model:	sppa-t3000 application server	scope:	eq	version:	r8.2	Trust: 1.0
vendor:	siemens	model:	sppa-t3000 application server	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	sppa-t3000 application server all versions	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-04292 // JVNDB: JVNDB-2019-013044 // NVD: CVE-2019-18333

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-18333
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-18333
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-04292
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201912-649
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2019-18333
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-04292
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-18333
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2019-18333
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-04292 // JVNDB: JVNDB-2019-013044 // CNNVD: CNNVD-201912-649 // NVD: CVE-2019-18333

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2019-013044 // NVD: CVE-2019-18333

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-649

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201912-649

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013044

PATCH

title:	SSA-451445	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf	Trust: 0.8
title:	Patch for SPPA-T3000 Application Server Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/199545	Trust: 0.6
title:	Siemens SPPA-T3000 Application Server Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105411	Trust: 0.6

sources: CNVD: CNVD-2020-04292 // JVNDB: JVNDB-2019-013044 // CNNVD: CNNVD-201912-649

EXTERNAL IDS

db:	NVD	id:	CVE-2019-18333	Trust: 3.0
db:	SIEMENS	id:	SSA-451445	Trust: 1.6
db:	ICS CERT	id:	ICSA-19-351-02	Trust: 1.4
db:	JVNDB	id:	JVNDB-2019-013044	Trust: 0.8
db:	CNVD	id:	CNVD-2020-04292	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4705	Trust: 0.6
db:	CNNVD	id:	CNNVD-201912-649	Trust: 0.6

sources: CNVD: CNVD-2020-04292 // JVNDB: JVNDB-2019-013044 // CNNVD: CNNVD-201912-649 // NVD: CVE-2019-18333

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2019-18333	Trust: 2.0
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf	Trust: 1.6
url:	https://www.us-cert.gov/ics/advisories/icsa-19-351-02	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18333	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2019.4705/	Trust: 0.6

sources: CNVD: CNVD-2020-04292 // JVNDB: JVNDB-2019-013044 // CNNVD: CNNVD-201912-649 // NVD: CVE-2019-18333

SOURCES

db:	CNVD	id:	CNVD-2020-04292
db:	JVNDB	id:	JVNDB-2019-013044
db:	CNNVD	id:	CNNVD-201912-649
db:	NVD	id:	CVE-2019-18333

LAST UPDATE DATE

2024-08-14T13:25:14.095000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-04292	date:	2020-02-07T00:00:00
db:	JVNDB	id:	JVNDB-2019-013044	date:	2019-12-26T00:00:00
db:	CNNVD	id:	CNNVD-201912-649	date:	2022-02-25T00:00:00
db:	NVD	id:	CVE-2019-18333	date:	2022-03-04T20:51:12.917

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-04292	date:	2020-02-07T00:00:00
db:	JVNDB	id:	JVNDB-2019-013044	date:	2019-12-19T00:00:00
db:	CNNVD	id:	CNNVD-201912-649	date:	2019-12-12T00:00:00
db:	NVD	id:	CVE-2019-18333	date:	2019-12-12T19:15:19.763