CVE-2019-18286
Description
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18287. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Siemens SPPA-T3000 Application Server before R8.2 SP2 exposes directory listings and sensitive files over the Application Highway.
Vulnerability
Siemens SPPA-T3000 Application Server, in all versions prior to Service Pack R8.2 SP2, contains a vulnerability where the Application Server exposes directory listings and files containing sensitive information [1]. An attacker must have network access to the Application Highway to reach the vulnerable endpoint.
Exploitation
To exploit this vulnerability, an attacker must have network access to the Application Highway component. No additional authentication or user interaction is required beyond that access [1]. Once access is established, the attacker can enumerate directories and retrieve sensitive files by sending requests to the exposed endpoints.
Impact
Successful exploitation allows an attacker to obtain sensitive information from the affected system, potentially including configuration data, credentials, or other internal details [1]. This disclosure can facilitate further attacks against the environment.
Mitigation
Siemens has released Service Pack R8.2 SP2 to address this vulnerability; all customers should upgrade to this version or later [1]. At the time of advisory publication, no public exploitation was known and the vulnerability was not listed on CISA's KEV [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: < Service Pack R8.2 SP2
- Siemens/SPPA-T3000 Application Server (v5), Range: All versions < Service Pack R8.2 SP2
Patches
No patches discovered yet.
References
- packetstormsecurity.com/files/155665/Siemens-Security-Advisory-SPPA-T3000-Code-Execution.html (mitre, x_refsource_MISC)
- cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf (mitre, x_refsource_MISC)