Sign-up

ID

VAR-201912-1832


CVE

CVE-2019-18332


TITLE

SPPA-T3000 Application Server Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-013043

DESCRIPTION

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain access to directory listings of the server by sending specifically crafted packets to 80/tcp, 8095/tcp or 8080/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. SPPA-T3000 Application Server Contains an information disclosure vulnerability.Information may be obtained. SPPA-T3000 is a distributed control system mainly used in thermal power plants and large renewable energy power plants. Siemens SPPA-T3000 has an information disclosure vulnerability

Trust: 2.34

sources: NVD: CVE-2019-18332 // JVNDB: JVNDB-2019-013043 // CNVD: CNVD-2019-44782 // IVD: 6dfd913c-48b0-4637-8953-5c1d060908e9

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 6dfd913c-48b0-4637-8953-5c1d060908e9 // CNVD: CNVD-2019-44782

AFFECTED PRODUCTS

vendor:siemensmodel:sppa-t3000 application serverscope: - version: -

Trust: 1.4

vendor:siemensmodel:sppa-t3000 application serverscope:ltversion:r8.2

Trust: 1.0

vendor:siemensmodel:sppa-t3000 application serverscope:eqversion:r8.2

Trust: 1.0

vendor:sppa t3000 application servermodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 6dfd913c-48b0-4637-8953-5c1d060908e9 // CNVD: CNVD-2019-44782 // JVNDB: JVNDB-2019-013043 // NVD: CVE-2019-18332

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18332
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-18332
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-44782
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201912-650
value: MEDIUM

Trust: 0.6

IVD: 6dfd913c-48b0-4637-8953-5c1d060908e9
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2019-18332
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-44782
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 6dfd913c-48b0-4637-8953-5c1d060908e9
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-18332
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2019-18332
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 6dfd913c-48b0-4637-8953-5c1d060908e9 // CNVD: CNVD-2019-44782 // JVNDB: JVNDB-2019-013043 // CNNVD: CNNVD-201912-650 // NVD: CVE-2019-18332

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

problemtype:CWE-287

Trust: 1.0

sources: JVNDB: JVNDB-2019-013043 // NVD: CVE-2019-18332

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-650

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201912-650

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-013043

PATCH
title:SSA-451445url:https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf
Trust: 0.8
title:Patch for Siemens SPPA-T3000 Information Disclosure Vulnerability (CNVD-2019-44782)url:https://www.cnvd.org.cn/patchInfo/show/193699
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-44782 // 
            
            
            
            JVNDB: JVNDB-2019-013043

EXTERNAL IDS
db:NVDid:CVE-2019-18332
Trust: 3.2
db:SIEMENSid:SSA-451445
Trust: 2.2
db:ICS CERTid:ICSA-19-351-02
Trust: 1.4
db:CNVDid:CNVD-2019-44782
Trust: 0.8
db:CNNVDid:CNNVD-201912-650
Trust: 0.8
db:JVNDBid:JVNDB-2019-013043
Trust: 0.8
db:AUSCERTid:ESB-2019.4705
Trust: 0.6
db:IVDid:6DFD913C-48B0-4637-8953-5C1D060908E9
Trust: 0.2
sources:
            
            
            IVD: 6dfd913c-48b0-4637-8953-5c1d060908e9 // 
            
            
            
            CNVD: CNVD-2019-44782 // 
            
            
            
            JVNDB: JVNDB-2019-013043 // 
            
            
            
            CNNVD: CNNVD-201912-650 // 
            
            
            
            NVD: CVE-2019-18332

REFERENCES
url:https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf
Trust: 2.2
url:https://www.us-cert.gov/ics/advisories/icsa-19-351-02
Trust: 1.4
url:https://nvd.nist.gov/vuln/detail/cve-2019-18332
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18332
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2019.4705/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-44782 // 
            
            
            
            JVNDB: JVNDB-2019-013043 // 
            
            
            
            CNNVD: CNNVD-201912-650 // 
            
            
            
            NVD: CVE-2019-18332

SOURCES
db:IVDid:6dfd913c-48b0-4637-8953-5c1d060908e9
db:CNVDid:CNVD-2019-44782
db:JVNDBid:JVNDB-2019-013043
db:CNNVDid:CNNVD-201912-650
db:NVDid:CVE-2019-18332

LAST UPDATE DATE
2024-08-14T13:25:14.529000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-44782date:2019-12-11T00:00:00
db:JVNDBid:JVNDB-2019-013043date:2019-12-26T00:00:00
db:CNNVDid:CNNVD-201912-650date:2022-02-25T00:00:00
db:NVDid:CVE-2019-18332date:2022-03-04T20:51:21.747

SOURCES RELEASE DATE
db:IVDid:6dfd913c-48b0-4637-8953-5c1d060908e9date:2019-12-11T00:00:00
db:CNVDid:CNVD-2019-44782date:2019-12-11T00:00:00
db:JVNDBid:JVNDB-2019-013043date:2019-12-19T00:00:00
db:CNNVDid:CNNVD-201912-650date:2019-12-12T00:00:00
db:NVDid:CVE-2019-18332date:2019-12-12T19:15:19.687