ID

VAR-201912-1297


CVE

CVE-2019-18331


TITLE

SPPA-T3000 Application Server Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-013042

DESCRIPTION

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain access to path and filenames on the server by sending specifically crafted packets to 1099/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. SPPA-T3000 Application Server Contains an information disclosure vulnerability.Information may be obtained. SPPA-T3000 is a distributed control system mainly used in thermal power plants and large renewable energy power plants. Siemens SPPA-T3000 has an information disclosure vulnerability

Trust: 2.34

sources: NVD: CVE-2019-18331 // JVNDB: JVNDB-2019-013042 // CNVD: CNVD-2019-44777 // IVD: f705023b-1052-4967-bdb7-01c7d9968e8d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: f705023b-1052-4967-bdb7-01c7d9968e8d // CNVD: CNVD-2019-44777

AFFECTED PRODUCTS

vendor:siemensmodel:sppa-t3000 application serverscope: - version: -

Trust: 1.4

vendor:siemensmodel:sppa-t3000 application serverscope:ltversion:r8.2

Trust: 1.0

vendor:siemensmodel:sppa-t3000 application serverscope:eqversion:r8.2

Trust: 1.0

vendor:sppa t3000 application servermodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: f705023b-1052-4967-bdb7-01c7d9968e8d // CNVD: CNVD-2019-44777 // JVNDB: JVNDB-2019-013042 // NVD: CVE-2019-18331

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18331
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-18331
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-44777
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201912-648
value: MEDIUM

Trust: 0.6

IVD: f705023b-1052-4967-bdb7-01c7d9968e8d
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2019-18331
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-44777
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: f705023b-1052-4967-bdb7-01c7d9968e8d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-18331
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2019-18331
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: f705023b-1052-4967-bdb7-01c7d9968e8d // CNVD: CNVD-2019-44777 // JVNDB: JVNDB-2019-013042 // CNNVD: CNNVD-201912-648 // NVD: CVE-2019-18331

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2019-013042 // NVD: CVE-2019-18331

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-648

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201912-648

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013042

PATCH

title:SSA-451445url:https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf

Trust: 0.8

title:Patch for Siemens SPPA-T3000 Information Disclosure Vulnerability (CNVD-2019-44777)url:https://www.cnvd.org.cn/patchInfo/show/193701

Trust: 0.6

title:Siemens SPPA-T3000 Application Server Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105410

Trust: 0.6

sources: CNVD: CNVD-2019-44777 // JVNDB: JVNDB-2019-013042 // CNNVD: CNNVD-201912-648

EXTERNAL IDS

db:NVDid:CVE-2019-18331

Trust: 3.2

db:SIEMENSid:SSA-451445

Trust: 2.2

db:ICS CERTid:ICSA-19-351-02

Trust: 1.4

db:CNVDid:CNVD-2019-44777

Trust: 0.8

db:CNNVDid:CNNVD-201912-648

Trust: 0.8

db:JVNDBid:JVNDB-2019-013042

Trust: 0.8

db:AUSCERTid:ESB-2019.4705

Trust: 0.6

db:IVDid:F705023B-1052-4967-BDB7-01C7D9968E8D

Trust: 0.2

sources: IVD: f705023b-1052-4967-bdb7-01c7d9968e8d // CNVD: CNVD-2019-44777 // JVNDB: JVNDB-2019-013042 // CNNVD: CNNVD-201912-648 // NVD: CVE-2019-18331

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf

Trust: 2.2

url:https://www.us-cert.gov/ics/advisories/icsa-19-351-02

Trust: 1.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-18331

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18331

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.4705/

Trust: 0.6

sources: CNVD: CNVD-2019-44777 // JVNDB: JVNDB-2019-013042 // CNNVD: CNNVD-201912-648 // NVD: CVE-2019-18331

SOURCES

db:IVDid:f705023b-1052-4967-bdb7-01c7d9968e8d
db:CNVDid:CNVD-2019-44777
db:JVNDBid:JVNDB-2019-013042
db:CNNVDid:CNNVD-201912-648
db:NVDid:CVE-2019-18331

LAST UPDATE DATE

2024-08-14T13:25:14.060000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-44777date:2019-12-11T00:00:00
db:JVNDBid:JVNDB-2019-013042date:2019-12-26T00:00:00
db:CNNVDid:CNNVD-201912-648date:2022-02-25T00:00:00
db:NVDid:CVE-2019-18331date:2022-03-04T20:49:09.280

SOURCES RELEASE DATE

db:IVDid:f705023b-1052-4967-bdb7-01c7d9968e8ddate:2019-12-11T00:00:00
db:CNVDid:CNVD-2019-44777date:2019-12-11T00:00:00
db:JVNDBid:JVNDB-2019-013042date:2019-12-19T00:00:00
db:CNNVDid:CNNVD-201912-648date:2019-12-12T00:00:00
db:NVDid:CVE-2019-18331date:2019-12-12T19:15:19.560