Unrated severityNVD Advisory· Published Dec 12, 2019· Updated Aug 5, 2024

CVE-2019-18288

Description

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with valid authentication at the RMI interface could be able to gain remote code execution through an unsecured file upload. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Affected products

Siemens Foundation/SPPA-T3000 Application Serverllm-fuzzy
Range: < R8.2 SP2
Siemens/SPPA-T3000 Application Serverv5
Range: All versions < Service Pack R8.2 SP2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/155665/Siemens-Security-Advisory-SPPA-T3000-Code-Execution.htmlmitrex_refsource_MISC
cert-portal.siemens.com/productcert/pdf/ssa-451445.pdfmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000