CVE-2019-18290 : A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network acces

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Published 2019-12-12 19:15:16

Updated 2022-03-04 22:26:43

Source Siemens AG

View at NVD, CVE.org

Vulnerability category: OverflowMemory CorruptionDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2019-18290

Probability of exploitation activity in the next 30 days: 0.14%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 48 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2019-18290

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2019-18290

CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Assigned by: productcert@siemens.com (Secondary)
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-18290

https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf

Mitigation;Vendor Advisory

CVEs referencing this url
http://packetstormsecurity.com/files/155665/Siemens-Security-Advisory-SPPA-T3000-Code-Execution.html

Siemens Security Advisory - SPPA-T3000 Code Execution ≈ Packet Storm
Third Party Advisory;VDB Entry

CVEs referencing this url

Products affected by CVE-2019-18290

Siemens » Sppa-t3000 Ms3000 Migration Server
cpe:2.3:a:siemens:sppa-t3000_ms3000_migration_server:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2019-18290

Exploit prediction scoring system (EPSS) score for CVE-2019-18290

CVSS scores for CVE-2019-18290

CWE ids for CVE-2019-18290

References for CVE-2019-18290

Products affected by CVE-2019-18290