CVE-2019-18286

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18287. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Published: Dec 12, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-18286
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
siemens / sppa-t3000_application_server	r8.2-sp1	r8.2-sp1.x
siemens / sppa-t3000_application_server	r8.2	r8.2.x
siemens / sppa-t3000_application_server	-	r8.2

http://packetstormsecurity.com/files/155665/Siemens-Security-Advisory-SPPA-T3000-Code-Execution.html
https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf

Vulnerability Database

289,697

CVE-2019-18286