CVE-2019-18308
First published: Thu Dec 12 2019(Updated: )
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileges by manipulating specific files in the local file system. This vulnerability is independent from CVE-2019-18309. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Sppa-t3000 Ms3000 Migration Server |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2019-18308?
CVE-2019-18308 is rated as a high severity vulnerability due to the potential for attackers to gain root privileges.
How do I fix CVE-2019-18308?
To mitigate CVE-2019-18308, ensure that access to the SPPA-T3000 MS3000 Migration Server is limited to trusted users only.
Who is affected by CVE-2019-18308?
CVE-2019-18308 affects all versions of the Siemens SPPA-T3000 MS3000 Migration Server.
What type of access is required to exploit CVE-2019-18308?
An attacker needs local access and a low privileged user account to exploit CVE-2019-18308.
Can CVE-2019-18308 be exploited remotely?
CVE-2019-18308 cannot be exploited remotely as it requires local access to the affected server.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/severity
- agent/references
- agent/first-publish-date
- agent/event
- agent/description
- agent/tags
- agent/source
- vendor/siemens
- canonical/siemens sppa-t3000 ms3000 migration server