PT-2019-15340 · Siemens · Sppa-T3000 Application Server

Publicado

2019-12-12

Atualizado

2022-03-04

CVE-2019-18320

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions SPPA-T3000 Application Server versions prior to Service Pack R8.2 SP2

Description A security issue has been identified that allows an attacker with network access to upload arbitrary files without authentication. The attacker must have network access to the Application Server to exploit this issue. There are no known public exploits of this security issue at the time of advisory publication.

Recommendations For versions prior to Service Pack R8.2 SP2, update to Service Pack R8.2 SP2 or later to resolve the issue. As a temporary workaround, consider restricting network access to the Application Server to minimize the risk of exploitation.

Correção

Improper Authentication

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287CWE-434

Identificadores relacionados

CVE-2019-18320

Produtos afetados

Sppa-T3000 Application Server

PT-2019-15340 · Siemens · Sppa-T3000 Application Server

CVE-2019-18320

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3