CVE-2019-18318

CWE-287 — Improper Authentication3 documents3 sources

Severity

7.5HIGH

EPSS

0.5%

top 34.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Sppa-t3000 Application Server

Timeline

PublishedDec 12

Latest updateMay 24

Description

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server can cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18317 and CVE-2019-18319. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDsiemens/sppa-t3000_application_server< r8.2+1

▶CVEListV5siemens/sppa-t3000_application_serverAll versions < Service Pack R8.2 SP2

🔴Vulnerability Details

GHSA

GHSA-8hq9-6jgm-qf6f: A vulnerability has been identified in SPPA-T3000 Application Server (All versions)↗2022-05-24

▶

CVEList

CVE-2019-18318: A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8↗2019-12-12

▶