ID

VAR-201912-1832


CVE

CVE-2019-18332


TITLE

SPPA-T3000 Application Server Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-013043

DESCRIPTION

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain access to directory listings of the server by sending specifically crafted packets to 80/tcp, 8095/tcp or 8080/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. SPPA-T3000 Application Server Contains an information disclosure vulnerability.Information may be obtained. SPPA-T3000 is a distributed control system mainly used in thermal power plants and large renewable energy power plants. Siemens SPPA-T3000 has an information disclosure vulnerability

Trust: 2.34

sources: NVD: CVE-2019-18332 // JVNDB: JVNDB-2019-013043 // CNVD: CNVD-2019-44782 // IVD: 6dfd913c-48b0-4637-8953-5c1d060908e9

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 6dfd913c-48b0-4637-8953-5c1d060908e9 // CNVD: CNVD-2019-44782

AFFECTED PRODUCTS

vendor:siemensmodel:sppa-t3000 application serverscope: - version: -

Trust: 1.4

vendor:siemensmodel:sppa-t3000 application serverscope:ltversion:r8.2

Trust: 1.0

vendor:siemensmodel:sppa-t3000 application serverscope:eqversion:r8.2

Trust: 1.0

vendor:sppa t3000 application servermodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 6dfd913c-48b0-4637-8953-5c1d060908e9 // CNVD: CNVD-2019-44782 // JVNDB: JVNDB-2019-013043 // NVD: CVE-2019-18332

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18332
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-18332
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-44782
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201912-650
value: MEDIUM

Trust: 0.6

IVD: 6dfd913c-48b0-4637-8953-5c1d060908e9
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2019-18332
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-44782
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 6dfd913c-48b0-4637-8953-5c1d060908e9
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-18332
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2019-18332
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 6dfd913c-48b0-4637-8953-5c1d060908e9 // CNVD: CNVD-2019-44782 // JVNDB: JVNDB-2019-013043 // CNNVD: CNNVD-201912-650 // NVD: CVE-2019-18332

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

problemtype:CWE-287

Trust: 1.0

sources: JVNDB: JVNDB-2019-013043 // NVD: CVE-2019-18332

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-650

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201912-650

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013043

PATCH

title:SSA-451445url:https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf

Trust: 0.8

title:Patch for Siemens SPPA-T3000 Information Disclosure Vulnerability (CNVD-2019-44782)url:https://www.cnvd.org.cn/patchInfo/show/193699

Trust: 0.6

sources: CNVD: CNVD-2019-44782 // JVNDB: JVNDB-2019-013043

EXTERNAL IDS

db:NVDid:CVE-2019-18332

Trust: 3.2

db:SIEMENSid:SSA-451445

Trust: 2.2

db:ICS CERTid:ICSA-19-351-02

Trust: 1.4

db:CNVDid:CNVD-2019-44782

Trust: 0.8

db:CNNVDid:CNNVD-201912-650

Trust: 0.8

db:JVNDBid:JVNDB-2019-013043

Trust: 0.8

db:AUSCERTid:ESB-2019.4705

Trust: 0.6

db:IVDid:6DFD913C-48B0-4637-8953-5C1D060908E9

Trust: 0.2

sources: IVD: 6dfd913c-48b0-4637-8953-5c1d060908e9 // CNVD: CNVD-2019-44782 // JVNDB: JVNDB-2019-013043 // CNNVD: CNNVD-201912-650 // NVD: CVE-2019-18332

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf

Trust: 2.2

url:https://www.us-cert.gov/ics/advisories/icsa-19-351-02

Trust: 1.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-18332

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18332

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.4705/

Trust: 0.6

sources: CNVD: CNVD-2019-44782 // JVNDB: JVNDB-2019-013043 // CNNVD: CNNVD-201912-650 // NVD: CVE-2019-18332

SOURCES

db:IVDid:6dfd913c-48b0-4637-8953-5c1d060908e9
db:CNVDid:CNVD-2019-44782
db:JVNDBid:JVNDB-2019-013043
db:CNNVDid:CNNVD-201912-650
db:NVDid:CVE-2019-18332

LAST UPDATE DATE

2024-08-14T13:25:14.529000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-44782date:2019-12-11T00:00:00
db:JVNDBid:JVNDB-2019-013043date:2019-12-26T00:00:00
db:CNNVDid:CNNVD-201912-650date:2022-02-25T00:00:00
db:NVDid:CVE-2019-18332date:2022-03-04T20:51:21.747

SOURCES RELEASE DATE

db:IVDid:6dfd913c-48b0-4637-8953-5c1d060908e9date:2019-12-11T00:00:00
db:CNVDid:CNVD-2019-44782date:2019-12-11T00:00:00
db:JVNDBid:JVNDB-2019-013043date:2019-12-19T00:00:00
db:CNNVDid:CNNVD-201912-650date:2019-12-12T00:00:00
db:NVDid:CVE-2019-18332date:2019-12-12T19:15:19.687