CVE-2019-18297
Description
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and low privileges could gain root privileges by sending specifically crafted packets to a named pipe. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Local attacker with low privileges can gain root privileges on Siemens SPPA-T3000 MS3000 Migration Server via crafted packets to a named pipe.
Vulnerability
A vulnerability exists in Siemens SPPA-T3000 MS3000 Migration Server all versions. An attacker with local access and low privileges can send specially crafted packets to a named pipe, leading to privilege escalation to root. [1]
Exploitation
Exploitation requires local access to the MS3000 server and low privileges. The attacker crafts packets and sends them to a named pipe to trigger the vulnerability. No user interaction or additional authentication beyond local access is needed. [1]
Impact
Successful exploitation allows an attacker to gain root privileges on the system, resulting in full compromise of confidentiality, integrity, and availability. [1]
Mitigation
At the time of advisory publication (December 2019), no public exploitation was known. No patch or workaround has been released. Users should restrict local access to the MS3000 server. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: All versions
- Siemens/SPPA-T3000 MS3000 Migration Serverv5Range: All versions
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- packetstormsecurity.com/files/155665/Siemens-Security-Advisory-SPPA-T3000-Code-Execution.htmlmitrex_refsource_MISC
- cert-portal.siemens.com/productcert/pdf/ssa-451445.pdfmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.