CVE-2019-18297
First published: Thu Dec 12 2019(Updated: )
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and low privileges could gain root privileges by sending specifically crafted packets to a named pipe. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Sppa-t3000 Ms3000 Migration Server |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-18297?
CVE-2019-18297 is classified as a high-severity vulnerability due to the potential for local privilege escalation.
How do I fix CVE-2019-18297?
To mitigate CVE-2019-18297, it is recommended to restrict local access to the MS3000 Server and apply security patches provided by Siemens.
Who is affected by CVE-2019-18297?
CVE-2019-18297 affects all versions of the Siemens SPPA-T3000 MS3000 Migration Server.
What type of vulnerability is CVE-2019-18297?
CVE-2019-18297 is a local privilege escalation vulnerability that allows low-privileged attackers to gain root access.
What needs to be done to exploit CVE-2019-18297?
An attacker must have local access to the MS3000 Server and send specifically crafted packets to a named pipe to exploit CVE-2019-18297.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/tags
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- vendor/siemens
- canonical/siemens sppa-t3000 ms3000 migration server