Main Vulnerability Database Vulnerabilities #VU23730

#VU23730 Improper access control in SPPA-T3000 MS3000 Migration Server - CVE-2019-18308

Published: December 19, 2019

Vulnerability identifier: #VU23730

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-18308

CWE-ID: CWE-284

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
SPPA-T3000 MS3000 Migration Server

Software vendor:
Siemens

Description

The vulnerability allows a local user to escalate privileges on the target system.

The vulnerability exists due to improper access restrictions. A local user can manipulate specific files in the local file system and gain gain root privileges.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf

#VU23730 Improper access control in SPPA-T3000 MS3000 Migration Server - CVE-2019-18308

Description

Remediation

External links

Please verify you're human