SB2019121918 - Multiple vulnerabilities in Siemens SPPA-T3000
Published: December 19, 2019
Description
This security bulletin contains information about 51 security vulnerabilities.
1) Improper Authentication (CVE-ID: CVE-2019-18319)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in authentication process. A remote attacker can send specially crafted objects via RMI, bypass authentication process and cause a denial of service (DoS) condition on the target system.
2) Improper Authentication (CVE-ID: CVE-2019-18318)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in authentication process. A remote attacker can send specially crafted objects via RMI, bypass authentication process and cause a denial of service (DoS) condition on the target system.
3) Improper Authentication (CVE-ID: CVE-2019-18320)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in authentication process. A remote attacker can bypass authentication process and upload arbitrary files on the target system.
4) Improper Authentication (CVE-ID: CVE-2019-18321)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in authentication process. A remote attacker can send specially crafted packets to Port 5010/TCP, bypass authentication process and read and write arbitrary files on the local system.
5) Improper Authentication (CVE-ID: CVE-2019-18322)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in authentication process. A remote attacker can send specially crafted packets to Port 5010/TCP, bypass authentication process and read and write arbitrary files on the local system.
6) Improper Authentication (CVE-ID: CVE-2019-18317)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in authentication process. A remote attacker can send specially crafted objects via RMI, bypass authentication process and cause a denial of service (DoS) condition on the target system.
7) Deserialization of Untrusted Data (CVE-ID: CVE-2019-18316)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data. A remote attacker can send specially crafted packets to Port 1099/TCP and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
8) Information disclosure (CVE-ID: CVE-2019-18312)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a missing permissions check. A remote attacker can enumerate running RPC services.
9) Improper Input Validation (CVE-ID: CVE-2019-18311)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote unauthenticated attacker can send specially crafted packets to Port 7061/TCP and cause a denial of service condition on the target system.
10) Arbitrary file upload (CVE-ID: CVE-2019-18313)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to insufficient validation of file uploads. A remote attacker can send specially crafted objects to one of the RPC services and upload and execute arbitrary file on the server.
11) Improper Authentication (CVE-ID: CVE-2019-18314)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in authentication process. A remote attacker can send specially crafted objects via RMI, bypass authentication process and execute arbitrary code on the target system.
12) Improper Authentication (CVE-ID: CVE-2019-18315)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in authentication process. A remote attacker can send specially crafted objects to Port 8888/TCP, bypass authentication process and execute arbitrary code on the target system.
13) Heap-based buffer overflow (CVE-ID: CVE-2019-18323)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can send specially crafted packets to Port 5010/TCP, trigger heap-based buffer overflow, cause a denial of service (DoS) condition and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
14) Heap-based buffer overflow (CVE-ID: CVE-2019-18324)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can send specially crafted packets to Port 5010/TCP, trigger heap-based buffer overflow, cause a denial of service (DoS) condition and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
15) Information disclosure (CVE-ID: CVE-2019-18332)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to improper input validation. A remote attacker can send specially crafted packets to Port 80/TCP, 8095/TCP, or 8080/TCP and gain access to directory listings of the server.
16) Information disclosure (CVE-ID: CVE-2019-18335)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to improper input validation. A remote attacker can send specially crafted packets to Port 80/TCP and gain access to logs and configuration files.
17) Heap-based buffer overflow (CVE-ID: CVE-2019-18330)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can send specially crafted packets to Port 5010/TCP, trigger heap-based buffer overflow, cause a denial of service (DoS) condition and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
18) Heap-based buffer overflow (CVE-ID: CVE-2019-18326)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can send specially crafted packets to Port 5010/TCP, trigger heap-based buffer overflow, cause a denial of service (DoS) condition and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
19) Heap-based buffer overflow (CVE-ID: CVE-2019-18325)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can send specially crafted packets to Port 5010/TCP, trigger heap-based buffer overflow, cause a denial of service (DoS) condition and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
20) Heap-based buffer overflow (CVE-ID: CVE-2019-18327)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can send specially crafted packets to Port 5010/TCP, trigger heap-based buffer overflow, cause a denial of service (DoS) condition and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
21) Heap-based buffer overflow (CVE-ID: CVE-2019-18328)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can send specially crafted packets to Port 5010/TCP, trigger heap-based buffer overflow, cause a denial of service (DoS) condition and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
22) Heap-based buffer overflow (CVE-ID: CVE-2019-18329)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can send specially crafted packets to Port 5010/TCP, trigger heap-based buffer overflow, cause a denial of service (DoS) condition and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
23) Stack-based buffer overflow (CVE-ID: CVE-2019-18310)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error. A remote unauthenticated attacker can send specially crafted packets to Port 7061/TCP, trigger stack-based buffer overflow and cause a denial of service condition on the target system.
24) Improper access control (CVE-ID: CVE-2019-18309)
The vulnerability allows a local user to escalate privileges on the target system.
The vulnerability exists due to improper access restrictions. A local user can manipulate specific files in the local file system and gain root privileges.
25) Heap-based buffer overflow (CVE-ID: CVE-2019-18292)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error. A remote attacker can send specially crafted packets to Port 5010/TCP, trigger heap-based buffer overflow and cause a denial of service condition on the target system.
26) Heap-based buffer overflow (CVE-ID: CVE-2019-18291)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error. A remote attacker can send specially crafted packets to Port 5010/TCP, trigger heap-based buffer overflow and cause a denial of service condition on the target system.
27) Heap-based buffer overflow (CVE-ID: CVE-2019-18293)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can send specially crafted packets to Port 5010/TCP, trigger a denial-of-service condition and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
28) Heap-based buffer overflow (CVE-ID: CVE-2019-18294)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error. A remote attacker can send specially crafted packets to Port 5010/TCP, trigger heap-based buffer overflow and cause a denial of service condition on the target system.
29) Heap-based buffer overflow (CVE-ID: CVE-2019-18295)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can send specially crafted packets to Port 5010/TCP, trigger a denial-of-service condition and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
30) Heap-based buffer overflow (CVE-ID: CVE-2019-18290)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error. A remote attacker can send specially crafted packets to Port 5010/TCP, trigger heap-based buffer overflow and cause a denial of service condition on the target system.
31) Heap-based buffer overflow (CVE-ID: CVE-2019-18289)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can send specially crafted packets to Port 5010/TCP, trigger a denial-of-service condition and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
32) Cleartext transmission of sensitive information (CVE-ID: CVE-2019-18285)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists because the software uses an insecure communication channel to transmit sensitive information between the client and the Application Server. A remote attacker with access to the communication channel can read credentials of a valid user.
Note: An attacker needs to have access to the Application Highway in order to exploit this vulnerability.
33) Improper Authentication (CVE-ID: CVE-2019-18284)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists because the AdminService is available without authentication on the Application Server. A remote attacker can use methods exposed via this interface to receive password hashes of other users and to change user passwords.
Note: An attacker needs to have access to the Application Highway in order to exploit this vulnerability.
34) Directory listing (CVE-ID: CVE-2019-18286)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because the Application Server exposes directory listings and files containing sensitive information. A remote attacker can gain unauthorized access to sensitive information on the system.
Note: An attacker needs to have access to the Application Highway in order to exploit this vulnerability.
35) Information disclosure (CVE-ID: CVE-2019-18287)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because the Application Server exposes directory listings and files containing sensitive information. A remote attacker can gain unauthorized access to sensitive information on the system.
Note: An attacker needs to have access to the Application Highway in order to exploit this vulnerability.
36) Arbitrary file upload (CVE-ID: CVE-2019-18288)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to insufficient validation of file uploads. A remote authenticated attacker can upload and execute arbitrary file on the target system.
Note: An attacker needs to have access to the Application Highway in order to exploit this vulnerability.
37) Heap-based buffer overflow (CVE-ID: CVE-2019-18296)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can send specially crafted packets to Port 5010/TCP, trigger a denial-of-service condition and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
38) Heap-based buffer overflow (CVE-ID: CVE-2019-18297)
The vulnerability allows a local user to escalate privileges on the target system.
The vulnerability exists due to a boundary error. A local user can send a specially crafted packet to a named pipe, trigger heap-based buffer overflow and gain root privileges.
39) Integer overflow (CVE-ID: CVE-2019-18305)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow. A remote attacker can send specially crafted packets to Port 5010/TCP, trigger integer overflow and cause a denial of service condition on the target system.
40) Integer overflow (CVE-ID: CVE-2019-18304)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow. A remote attacker can send specially crafted packets to Port 5010/TCP, trigger integer overflow and cause a denial of service condition on the target system.
41) Out-of-bounds Read (CVE-ID: CVE-2019-18306)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition. A remote attacker can send specially crafted packets to Port 5010/TCP, trigger out-of-bounds read error and cause a denial of service condition on the target system.
42) Out-of-bounds Read (CVE-ID: CVE-2019-18307)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition. A remote attacker can send specially crafted packets to Port 5010/TCP, trigger out-of-bounds read error and cause a denial of service condition on the target system.
43) Improper access control (CVE-ID: CVE-2019-18308)
The vulnerability allows a local user to escalate privileges on the target system.
The vulnerability exists due to improper access restrictions. A local user can manipulate specific files in the local file system and gain root privileges.
44) Integer overflow (CVE-ID: CVE-2019-18303)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow. A remote attacker can send specially crafted packets to Port 5010/TCP, trigger integer overflow and cause a denial of service condition on the target system.
45) Integer overflow (CVE-ID: CVE-2019-18302)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow. A remote attacker can send specially crafted packets to Port 5010/TCP, trigger integer overflow and cause a denial of service condition on the target system.
46) Integer overflow (CVE-ID: CVE-2019-18298)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow. A remote attacker can send specially crafted packets to Port 5010/TCP, trigger integer overflow and cause a denial of service condition on the target system.
47) Integer overflow (CVE-ID: CVE-2019-18299)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow. A remote attacker can send specially crafted packets to Port 5010/TCP, trigger integer overflow and cause a denial of service condition on the target system.
48) Integer overflow (CVE-ID: CVE-2019-18300)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow. A remote attacker can send specially crafted packets to Port 5010/TCP, trigger integer overflow and cause a denial of service condition on the target system.
49) Integer overflow (CVE-ID: CVE-2019-18301)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow. A remote attacker can send specially crafted packets to Port 5010/TCP, trigger integer overflow and cause a denial of service condition on the target system.
50) Deserialization of Untrusted Data (CVE-ID: CVE-2019-18283)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists because the AdminService is available without authentication on the Application Server. A remote attacker can send specially crafted objects to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note: An attacker needs to have access to the Application Highway in order to exploit this vulnerability.
51) Improper input validation (CVE-ID: CVE-2018-4832)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists due to improper input validation. A remote attacker can send specially crafted messages to the RPC service of the affected products and cause a denial-of-service condition on the remote and local communication functionality.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.