ID

VAR-201912-1239


CVE

CVE-2019-18334


TITLE

SPPA-T3000 Application Server Information Disclosure Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-013040

DESCRIPTION

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could be able to enumerate valid user names by sending specifically crafted packets to 8090/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. SPPA-T3000 Application Server Contains an information disclosure vulnerability.Information may be obtained. SPPA-T3000 is a distributed control system mainly used in thermal power plants and large renewable energy power plants. Siemens SPPA-T3000 has an information disclosure vulnerability

Trust: 3.06

sources: NVD: CVE-2019-18334 // JVNDB: JVNDB-2019-013040 // CNVD: CNVD-2019-44784 // CNVD: CNVD-2019-44781 // IVD: fe6b227b-b344-4806-99b5-f8c0bea093e8 // IVD: 37407655-97b8-4996-af56-7d4a255d7ef3

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.6

sources: IVD: fe6b227b-b344-4806-99b5-f8c0bea093e8 // IVD: 37407655-97b8-4996-af56-7d4a255d7ef3 // CNVD: CNVD-2019-44784 // CNVD: CNVD-2019-44781

AFFECTED PRODUCTS

vendor:siemensmodel:sppa-t3000 application serverscope: - version: -

Trust: 2.0

vendor:siemensmodel:sppa-t3000 application serverscope:ltversion:r8.2

Trust: 1.0

vendor:siemensmodel:sppa-t3000 application serverscope:eqversion:r8.2

Trust: 1.0

vendor:sppa t3000 application servermodel: - scope:eqversion:*

Trust: 0.4

sources: IVD: fe6b227b-b344-4806-99b5-f8c0bea093e8 // IVD: 37407655-97b8-4996-af56-7d4a255d7ef3 // CNVD: CNVD-2019-44784 // CNVD: CNVD-2019-44781 // JVNDB: JVNDB-2019-013040 // NVD: CVE-2019-18334

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18334
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-18334
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-44784
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2019-44781
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201912-651
value: MEDIUM

Trust: 0.6

IVD: fe6b227b-b344-4806-99b5-f8c0bea093e8
value: MEDIUM

Trust: 0.2

IVD: 37407655-97b8-4996-af56-7d4a255d7ef3
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2019-18334
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-44784
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2019-44781
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: fe6b227b-b344-4806-99b5-f8c0bea093e8
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 37407655-97b8-4996-af56-7d4a255d7ef3
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-18334
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2019-18334
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: fe6b227b-b344-4806-99b5-f8c0bea093e8 // IVD: 37407655-97b8-4996-af56-7d4a255d7ef3 // CNVD: CNVD-2019-44784 // CNVD: CNVD-2019-44781 // JVNDB: JVNDB-2019-013040 // CNNVD: CNNVD-201912-651 // NVD: CVE-2019-18334

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2019-013040 // NVD: CVE-2019-18334

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-651

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201912-651

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013040

PATCH

title:SSA-451445url:https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf

Trust: 0.8

title:Patch for Siemens SPPA-T3000 Information Disclosure Vulnerability (CNVD-2019-44784)url:https://www.cnvd.org.cn/patchInfo/show/193693

Trust: 0.6

title:Patch for Siemens SPPA-T3000 Information Disclosure Vulnerability (CNVD-2019-44781)url:https://www.cnvd.org.cn/patchInfo/show/193697

Trust: 0.6

title:Siemens SPPA-T3000 Application Server Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105412

Trust: 0.6

sources: CNVD: CNVD-2019-44784 // CNVD: CNVD-2019-44781 // JVNDB: JVNDB-2019-013040 // CNNVD: CNNVD-201912-651

EXTERNAL IDS

db:NVDid:CVE-2019-18334

Trust: 4.0

db:SIEMENSid:SSA-451445

Trust: 2.8

db:ICS CERTid:ICSA-19-351-02

Trust: 1.4

db:CNNVDid:CNNVD-201912-651

Trust: 1.0

db:CNVDid:CNVD-2019-44784

Trust: 0.8

db:CNVDid:CNVD-2019-44781

Trust: 0.8

db:JVNDBid:JVNDB-2019-013040

Trust: 0.8

db:AUSCERTid:ESB-2019.4705

Trust: 0.6

db:IVDid:FE6B227B-B344-4806-99B5-F8C0BEA093E8

Trust: 0.2

db:IVDid:37407655-97B8-4996-AF56-7D4A255D7EF3

Trust: 0.2

sources: IVD: fe6b227b-b344-4806-99b5-f8c0bea093e8 // IVD: 37407655-97b8-4996-af56-7d4a255d7ef3 // CNVD: CNVD-2019-44784 // CNVD: CNVD-2019-44781 // JVNDB: JVNDB-2019-013040 // CNNVD: CNNVD-201912-651 // NVD: CVE-2019-18334

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf

Trust: 2.8

url:https://www.us-cert.gov/ics/advisories/icsa-19-351-02

Trust: 1.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-18334

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18334

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.4705/

Trust: 0.6

sources: CNVD: CNVD-2019-44784 // CNVD: CNVD-2019-44781 // JVNDB: JVNDB-2019-013040 // CNNVD: CNNVD-201912-651 // NVD: CVE-2019-18334

SOURCES

db:IVDid:fe6b227b-b344-4806-99b5-f8c0bea093e8
db:IVDid:37407655-97b8-4996-af56-7d4a255d7ef3
db:CNVDid:CNVD-2019-44784
db:CNVDid:CNVD-2019-44781
db:JVNDBid:JVNDB-2019-013040
db:CNNVDid:CNNVD-201912-651
db:NVDid:CVE-2019-18334

LAST UPDATE DATE

2024-08-14T13:25:15.093000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-44784date:2019-12-11T00:00:00
db:CNVDid:CNVD-2019-44781date:2019-12-11T00:00:00
db:JVNDBid:JVNDB-2019-013040date:2019-12-26T00:00:00
db:CNNVDid:CNNVD-201912-651date:2022-02-25T00:00:00
db:NVDid:CVE-2019-18334date:2022-03-04T20:50:02.133

SOURCES RELEASE DATE

db:IVDid:fe6b227b-b344-4806-99b5-f8c0bea093e8date:2019-12-11T00:00:00
db:IVDid:37407655-97b8-4996-af56-7d4a255d7ef3date:2019-12-11T00:00:00
db:CNVDid:CNVD-2019-44784date:2019-12-11T00:00:00
db:CNVDid:CNVD-2019-44781date:2019-12-11T00:00:00
db:JVNDBid:JVNDB-2019-013040date:2019-12-19T00:00:00
db:CNNVDid:CNNVD-201912-651date:2019-12-12T00:00:00
db:NVDid:CVE-2019-18334date:2019-12-12T19:15:19.843