CVE-2019-18299

Current Description

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Referenced by CVEs:

CVSS 2 - Version	2.0
CVSS 2 - Vector String	AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 2 - Access Vector	NETWORK
CVSS 2 - Access Complexity	LOW
CVSS 2 - Authentication	NONE
CVSS 2 - Confidentiality Impact	NONE
CVSS 2 - Availability Impact	PARTIAL
CVSS 2 - Base Score	5.0
Severity	MEDIUM
Exploitability Score	10.0
Impact Score	2.9
Obtain All Privilege	false
Obtain User Privilege	false
Obtain Other Privilege	false

No data provided.

OR - Configuration 1

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other	Version Start Including	Version End Including	Version Start Excluding	Version End Excluding
2.3	Application	Siemens	Sppa-t3000 Ms3000 Migration Server	*	*	*	*	*	*	*	*

Vendor	Product	Versions
Siemens	Sppa-t3000 Ms3000 Migration Server	*

Name	Source	URL	Tags
http://packetstormsecurity.com/files/155665/Siemens-Security-Advisory-SPPA-T3000-Code-Execution.html	http://packetstormsecurity.com/files/155665/Siemens-Security-Advisory-SPPA-T3000-Code-Execution.html	MISC	Third Party Advisory VDB Entry
N/A	https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf	CONFIRM	Mitigation Vendor Advisory