Sign-up

ID

VAR-201912-1274


CVE

CVE-2019-18308


TITLE

SPPA-T3000 MS3000 Migration Server Vulnerability in Permission Management

Trust: 0.8

sources: JVNDB: JVNDB-2019-013114

DESCRIPTION

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileges by manipulating specific files in the local file system. This vulnerability is independent from CVE-2019-18309. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. This vulnerability CVE-2019-18309 Is a different vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SPPA-T3000 is a distributed control system mainly used in thermal power plants and large renewable energy power plants

Trust: 2.34

sources: NVD: CVE-2019-18308 // JVNDB: JVNDB-2019-013114 // CNVD: CNVD-2019-45386 // IVD: 49ae0b73-6aa8-4871-8db4-46014c71f189

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 49ae0b73-6aa8-4871-8db4-46014c71f189 // CNVD: CNVD-2019-45386

AFFECTED PRODUCTS

vendor:siemensmodel:sppa-t3000 ms3000 migration serverscope: - version: -

Trust: 1.4

vendor:siemensmodel:sppa-t3000 ms3000 migration serverscope:eqversion:*

Trust: 1.0

vendor:sppa t3000 ms3000 migration servermodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 49ae0b73-6aa8-4871-8db4-46014c71f189 // CNVD: CNVD-2019-45386 // JVNDB: JVNDB-2019-013114 // NVD: CVE-2019-18308

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18308
value: HIGH

Trust: 1.0

NVD: CVE-2019-18308
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-45386
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201912-622
value: HIGH

Trust: 0.6

IVD: 49ae0b73-6aa8-4871-8db4-46014c71f189
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2019-18308
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-45386
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 49ae0b73-6aa8-4871-8db4-46014c71f189
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-18308
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-18308
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 49ae0b73-6aa8-4871-8db4-46014c71f189 // CNVD: CNVD-2019-45386 // JVNDB: JVNDB-2019-013114 // CNNVD: CNNVD-201912-622 // NVD: CVE-2019-18308

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-284

Trust: 1.0

problemtype:CWE-269

Trust: 0.8

sources: JVNDB: JVNDB-2019-013114 // NVD: CVE-2019-18308

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201912-622

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201912-622

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-013114

PATCH
title:SSA-451445url:https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf
Trust: 0.8
title:Patch for Siemens SPPA-T3000 MS3000 Migration Server Incorrect Access Control Vulnerability (CNVD-2019-45386)url:https://www.cnvd.org.cn/patchInfo/show/194245
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-45386 // 
            
            
            
            JVNDB: JVNDB-2019-013114

EXTERNAL IDS
db:NVDid:CVE-2019-18308
Trust: 3.2
db:SIEMENSid:SSA-451445
Trust: 2.2
db:ICS CERTid:ICSA-19-351-02
Trust: 1.4
db:CNVDid:CNVD-2019-45386
Trust: 0.8
db:CNNVDid:CNNVD-201912-622
Trust: 0.8
db:JVNDBid:JVNDB-2019-013114
Trust: 0.8
db:AUSCERTid:ESB-2019.4705
Trust: 0.6
db:IVDid:49AE0B73-6AA8-4871-8DB4-46014C71F189
Trust: 0.2
sources:
            
            
            IVD: 49ae0b73-6aa8-4871-8db4-46014c71f189 // 
            
            
            
            CNVD: CNVD-2019-45386 // 
            
            
            
            JVNDB: JVNDB-2019-013114 // 
            
            
            
            CNNVD: CNNVD-201912-622 // 
            
            
            
            NVD: CVE-2019-18308

REFERENCES
url:https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf
Trust: 2.2
url:https://www.us-cert.gov/ics/advisories/icsa-19-351-02
Trust: 1.4
url:https://nvd.nist.gov/vuln/detail/cve-2019-18308
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18308
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2019.4705/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-45386 // 
            
            
            
            JVNDB: JVNDB-2019-013114 // 
            
            
            
            CNNVD: CNNVD-201912-622 // 
            
            
            
            NVD: CVE-2019-18308

SOURCES
db:IVDid:49ae0b73-6aa8-4871-8db4-46014c71f189
db:CNVDid:CNVD-2019-45386
db:JVNDBid:JVNDB-2019-013114
db:CNNVDid:CNNVD-201912-622
db:NVDid:CVE-2019-18308

LAST UPDATE DATE
2024-08-14T13:25:14.748000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-45386date:2019-12-16T00:00:00
db:JVNDBid:JVNDB-2019-013114date:2019-12-26T00:00:00
db:CNNVDid:CNNVD-201912-622date:2022-03-10T00:00:00
db:NVDid:CVE-2019-18308date:2022-03-04T22:19:57.810

SOURCES RELEASE DATE
db:IVDid:49ae0b73-6aa8-4871-8db4-46014c71f189date:2019-12-16T00:00:00
db:CNVDid:CNVD-2019-45386date:2019-12-16T00:00:00
db:JVNDBid:JVNDB-2019-013114date:2019-12-19T00:00:00
db:CNNVDid:CNNVD-201912-622date:2019-12-12T00:00:00
db:NVDid:CVE-2019-18308date:2019-12-12T19:15:17.607