Main Vulnerability Database Vulnerabilities #VU23731

#VU23731 Improper access control in SPPA-T3000 MS3000 Migration Server - CVE-2019-18309

Published: December 19, 2019

Vulnerability identifier: #VU23731

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-18309

CWE-ID: CWE-284

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
SPPA-T3000 MS3000 Migration Server

Software vendor:
Siemens

Description

The vulnerability allows a local user to escalate privileges on the target system.

The vulnerability exists due to improper access restrictions. A local user can manipulate specific files in the local file system and gain gain root privileges.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf

#VU23731 Improper access control in SPPA-T3000 MS3000 Migration Server - CVE-2019-18309

Description

Remediation

External links

Please verify you're human