CVE-2019-18320
12.12.2019, 19:15
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could be able to upload arbitrary files without authentication. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.
Vendor | Product | Version |
---|---|---|
siemens | sppa-t3000_application_server | 𝑥 < r8.2 |
siemens | sppa-t3000_application_server | r8.2 |
siemens | sppa-t3000_application_server | r8.2:sp1 |
𝑥 = Vulnerable software versions
Common Weakness Enumeration
- CWE-287 - Improper Authentication: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
- CWE-434 - Unrestricted Upload of File with Dangerous Type: The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.