First published: Thu Dec 12 2019(Updated: )
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Sppa-t3000 Ms3000 Migration Server |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-18328 has been assigned a high severity rating due to its potential to cause Denial-of-Service and remote code execution.
To mitigate CVE-2019-18328, apply any available patches from Siemens or restrict network access to the MS3000 Server.
CVE-2019-18328 affects all versions of the Siemens SPPA-T3000 MS3000 Migration Server.
Yes, CVE-2019-18328 can potentially allow an attacker to gain remote code execution through crafted packets.
CVE-2019-18328 can be exploited to execute a Denial-of-Service attack against the MS3000 Server.