ID

VAR-201912-1240


CVE

CVE-2019-18335


TITLE

Siemens SPPA-T3000 Information Disclosure Vulnerability

Trust: 1.4

sources: IVD: ad726c4a-f56e-4f97-a18c-a953733a4993 // CNVD: CNVD-2019-44783 // CNNVD: CNNVD-201912-652

DESCRIPTION

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain access to logs and configuration files by sending specifically crafted packets to 80/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. SPPA-T3000 Application Server contains an information disclosure vulnerability. Information may be obtained. SPPA-T3000 is a distributed control system mainly used in thermal power plants and large renewable energy power plants. Siemens SPPA-T3000 has an information disclosure vulnerability.

Trust: 2.34

sources: NVD: CVE-2019-18335 // JVNDB: JVNDB-2019-013041 // CNVD: CNVD-2019-44783 // IVD: ad726c4a-f56e-4f97-a18c-a953733a4993

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: ad726c4a-f56e-4f97-a18c-a953733a4993 // CNVD: CNVD-2019-44783

AFFECTED PRODUCTS

vendor: siemens, model: sppa-t3000 application server, scope: -, version: -

Trust: 1.4

vendor: siemens, model: sppa-t3000 application server, scope: lt, version: r8.2

Trust: 1.0

vendor: siemens, model: sppa-t3000 application server, scope: eq, version: r8.2

Trust: 1.0

vendor: sppa t3000 application server, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: ad726c4a-f56e-4f97-a18c-a953733a4993 // CNVD: CNVD-2019-44783 // JVNDB: JVNDB-2019-013041 // NVD: CVE-2019-18335

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18335
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-18335
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-44783
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201912-652
value: MEDIUM

Trust: 0.6

IVD: ad726c4a-f56e-4f97-a18c-a953733a4993
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2019-18335
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-44783
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: ad726c4a-f56e-4f97-a18c-a953733a4993
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-18335
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2019-18335
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: ad726c4a-f56e-4f97-a18c-a953733a4993 // CNVD: CNVD-2019-44783 // JVNDB: JVNDB-2019-013041 // CNNVD: CNNVD-201912-652 // NVD: CVE-2019-18335

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2019-013041 // NVD: CVE-2019-18335

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-652

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201912-652

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013041

PATCH

title: SSA-451445, url: https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf

Trust: 0.8

title: Patch for Siemens SPPA-T3000 Information Disclosure Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/193695

Trust: 0.6

sources: CNVD: CNVD-2019-44783 // JVNDB: JVNDB-2019-013041

EXTERNAL IDS

db: NVD, id: CVE-2019-18335

Trust: 3.2

db: SIEMENS, id: SSA-451445

Trust: 2.2

db: ICS CERT, id: ICSA-19-351-02

Trust: 1.4

db: CNVD, id: CNVD-2019-44783

Trust: 0.8

db: CNNVD, id: CNNVD-201912-652

Trust: 0.8

db: JVNDB, id: JVNDB-2019-013041

Trust: 0.8

db: AUSCERT, id: ESB-2019.4705

Trust: 0.6

db: IVD, id: AD726C4A-F56E-4F97-A18C-A953733A4993

Trust: 0.2

sources: IVD: ad726c4a-f56e-4f97-a18c-a953733a4993 // CNVD: CNVD-2019-44783 // JVNDB: JVNDB-2019-013041 // CNNVD: CNNVD-201912-652 // NVD: CVE-2019-18335

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf

Trust: 2.2

url:https://www.us-cert.gov/ics/advisories/icsa-19-351-02

Trust: 1.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-18335

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18335

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.4705/

Trust: 0.6

sources: CNVD: CNVD-2019-44783 // JVNDB: JVNDB-2019-013041 // CNNVD: CNNVD-201912-652 // NVD: CVE-2019-18335

SOURCES

db: IVD, id: ad726c4a-f56e-4f97-a18c-a953733a4993
db: CNVD, id: CNVD-2019-44783
db: JVNDB, id: JVNDB-2019-013041
db: CNNVD, id: CNNVD-201912-652
db: NVD, id: CVE-2019-18335

LAST UPDATE DATE

2024-08-14T13:25:14.714000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-44783, date: 2019-12-11T00:00:00
db: JVNDB, id: JVNDB-2019-013041, date: 2019-12-26T00:00:00
db: CNNVD, id: CNNVD-201912-652, date: 2022-02-25T00:00:00
db: NVD, id: CVE-2019-18335, date: 2022-03-04T20:49:54.227

SOURCES RELEASE DATE

db: IVD, id: ad726c4a-f56e-4f97-a18c-a953733a4993, date: 2019-12-11T00:00:00
db: CNVD, id: CNVD-2019-44783, date: 2019-12-11T00:00:00
db: JVNDB, id: JVNDB-2019-013041, date: 2019-12-19T00:00:00
db: CNNVD, id: CNNVD-201912-652, date: 2019-12-12T00:00:00
db: NVD, id: CVE-2019-18335, date: 2019-12-12T19:15:20.013