CVE-2019-18287
Description
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18286. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Siemens SPPA-T3000 Application Server prior to R8.2 SP2 exposes directory listings and sensitive files, requiring access to the Application Highway for exploitation.
Vulnerability
The Siemens SPPA-T3000 Application Server, in all versions prior to Service Pack R8.2 SP2, exposes directory listings and files containing sensitive information [1]. This is a configuration or design weakness that allows unauthorized access to potentially confidential data on the server. The vulnerability is independent from CVE-2019-18286 [1].
Exploitation
To exploit this vulnerability, an attacker must have access to the Application Highway network [1]. Beyond this network requirement, no additional authentication or user interaction is mentioned in the available references [1]. The attacker can likely navigate directory listings to retrieve sensitive files by sending crafted HTTP requests to the application server, though the specific steps are not detailed in the source [1].
Impact
Successful exploitation leads to the disclosure of sensitive information [1]. The attacker gains unauthorized access to file contents and directory structures, compromising the confidentiality of the system. The available references do not specify escalation to privilege elevation or code execution [1].
Mitigation
Siemens has released Service Pack R8.2 SP2 to fix this vulnerability [1]. Users should upgrade to this version or later. As of the advisory publication date (2019-12-10 per Packet Storm), no public exploitation was known [1]. No workarounds are documented in the available references [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: < Service Pack R8.2 SP2
- Siemens/SPPA-T3000 Application Server (v5), Range: All versions < Service Pack R8.2 SP2
Patches
No patches discovered yet.
References
- packetstormsecurity.com/files/155665/Siemens-Security-Advisory-SPPA-T3000-Code-Execution.html (mitre, x_refsource_MISC)
- cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf (mitre, x_refsource_MISC)