CVSS2 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
CVSS3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
AI Score
Confidence: High
EPSS
Percentile: 94.8%
This updated advisory is a follow-up to the original advisory titled ICSA-19-351-02 Siemens SPPA-T3000 that was published December 17, 2019, to the ICS webpage on us-cert.gov.
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code on the server, cause a denial-of-service condition, view and modify passwords, gain root privileges, access sensitive information, and read and write arbitrary files on the local system.
Siemens reports the vulnerabilities affect the following SPPA-T3000 products:
--------- Begin Update A Part 1 of 2 ---------
--------- End Update A Part 1 of 2 ---------
Note that an attacker must have network access to the Application Server, MS3000, or access to the Application Highway in order to exploit these vulnerabilities.
Specially crafted messages sent to the RPC service of the affected products could cause a denial-of-service condition on the remote and local communication functionality of the affected products. A reboot of the system is required to recover the remote and local communication functionality.
CVE-2018-4832 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
The AdminService is available without authentication on the Application Server. An attacker can gain remote code execution by sending specially crafted objects to one of its functions.
CVE-2019-18283 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
The AdminService is available without authentication on the Application Server. An attacker can use methods exposed via this interface to receive password hashes of other users and to change user passwords.
CVE-2019-18284 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
The RMI communication between the client and the Application Server is unencrypted. An attacker with access to the communication channel can read credentials of a valid user.
CVE-2019-18285 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).
The Application Server exposes directory listings and files containing sensitive information.
CVE-2019-18286 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
The Application Server exposes directory listings and files containing sensitive information.
CVE-2019-18287 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
An attacker with valid authentication at the RMI interface could gain remote code execution through an unsecured file upload.
CVE-2019-18288 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
An attacker with network access to the MS3000 Server could trigger a denial-of-service condition and gain remote code execution by sending specially crafted packets to Port 5010/TCP.
CVE-2019-18289 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An attacker with network access to the MS3000 Server could trigger a denial-of-service condition by sending specially crafted packets to Port 5010/TCP.
CVE-2019-18290 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
An attacker with network access to the MS3000 Server could trigger a denial-of-service condition by sending specially crafted packets to Port 5010/TCP.
CVE-2019-18291 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
An attacker with network access to the MS3000 Server could trigger a denial-of-service condition by sending specially crafted packets to Port 5010/TCP.
CVE-2019-18292 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
An attacker with network access to the MS3000 Server could trigger a denial-of-service condition and gain remote code execution by sending specially crafted packets to Port 5010/TCP.
CVE-2019-18293 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An attacker with network access to the MS3000 Server could trigger a denial-of-service condition by sending specially crafted packets to Port 5010/TCP.
CVE-2019-18294 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
An attacker with network access to the MS3000 Server could trigger a denial-of-service condition and gain remote code execution by sending specially crafted packets to Port 5010/TCP.
CVE-2019-18295 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
An attacker with network access to the MS3000 Server could trigger a denial-of-service condition and gain remote code execution by sending specially crafted packets to Port 5010/TCP.
CVE-2019-18296 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
An attacker with local access to the MS3000 Server and low privileges could gain root privileges by sending specially crafted packets to a named pipe.
CVE-2019-18297 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
An attacker with network access to the MS3000 Server could trigger a denial-of-service condition by sending specially crafted packets to Port 5010/TCP.
CVE-2019-18298 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
An attacker with network access to the MS3000 Server could trigger a denial-of-service condition by sending specially crafted packets to Port 5010/TCP.
CVE-2019-18299 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
An attacker with network access to the MS3000 Server could trigger a denial-of-service condition by sending specially crafted packets to Port 5010/TCP.
CVE-2019-18300 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
An attacker with network access to the MS3000 Server could trigger a denial-of-service condition by sending specially crafted packets to Port 5010/TCP.
CVE-2019-18301 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
An attacker with network access to the MS3000 Server could trigger a denial-of-service condition by sending specially crafted packets to Port 5010/TCP.
CVE-2019-18302 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
An attacker with network access to the MS3000 Server could trigger a denial-of-service condition by sending specially crafted packets to Port 5010/TCP.
CVE-2019-18303 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
An attacker with network access to the MS3000 Server could trigger a denial-of-service condition by sending specially crafted packets to Port 5010/TCP.
CVE-2019-18304 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
An attacker with network access to the MS3000 Server could trigger a denial-of-service condition by sending specially crafted packets to Port 5010/TCP.
CVE-2019-18305 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
An attacker with network access to the MS3000 Server could trigger a denial-of-service condition by sending specially crafted packets to Port 5010/TCP.
CVE-2019-18306 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
An attacker with network access to the MS3000 Server could trigger a denial-of-service condition by sending specially crafted packets to Port 5010/TCP.
CVE-2019-18307 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileges by manipulating specific files in the local file system.
CVE-2019-18308 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileges by manipulating specific files in the local file system.
CVE-2019-18309 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
An attacker with network access to the MS3000 Server could trigger a denial-of-service condition by sending specially crafted packets to Port 7061/TCP.
CVE-2019-18310 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
An attacker with network access to the MS3000 Server could trigger a denial-of-service condition by sending specially crafted packets to Port 7061/TCP.
CVE-2019-18311 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
An attacker with network access to the MS3000 Server could be able to enumerate running RPC services.
CVE-2019-18312 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
An attacker with network access to the MS3000 Server could gain remote code execution by sending specially crafted objects to one of the RPC services.
CVE-2019-18313 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An attacker with network access to the Application Server could gain remote code execution by sending specially crafted objects via RMI.
CVE-2019-18314 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An attacker with network access to the Application Server could gain remote code execution by sending specially crafted packets to Port 8888/TCP.
CVE-2019-18315 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An attacker with network access to the Application Server could gain remote code execution by sending specially crafted packets to Port 1099/TCP.
CVE-2019-18316 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An attacker with network access to the Application Server could cause a denial-of-service condition by sending specially crafted objects via RMI.
CVE-2019-18317 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
An attacker with network access to the Application Server could cause a denial-of-service condition by sending specially crafted objects via RMI.
CVE-2019-18318 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
An attacker with network access to the Application Server could cause a denial-of-service condition by sending specially crafted objects via RMI.
CVE-2019-18319 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
An attacker with network access to the Application Server could be able to upload arbitrary files without authentication.
CVE-2019-18320 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local system by sending specially crafted packets to Port 5010/TCP.
CVE-2019-18321 has been assigned to this vulnerability. A CVSS v3 base score of 9.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local system by sending specially crafted packets to Port 5010/TCP.
CVE-2019-18322 has been assigned to this vulnerability. A CVSS v3 base score of 9.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
An attacker with network access to the MS3000 Server could cause a denial-of-service condition and gain remote code execution by sending specially crafted packets to Port 5010/TCP.
CVE-2019-18323 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An attacker with network access to the MS3000 Server could cause a denial-of-service condition and gain remote code execution by sending specially crafted packets to Port 5010/TCP.
CVE-2019-18324 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An attacker with network access to the MS3000 Server could cause a denial-of-service condition and gain remote code execution by sending specially crafted packets to Port 5010/TCP.
CVE-2019-18325 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An attacker with network access to the MS3000 Server could cause a denial-of-service condition and gain remote code execution by sending specially crafted packets to Port 5010/TCP.
CVE-2019-18326 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An attacker with network access to the MS3000 Server could cause a denial-of-service condition and gain remote code execution by sending specially crafted packets to Port 5010/TCP.
CVE-2019-18327 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An attacker with network access to the MS3000 Server could cause a denial-of-service condition and gain remote code execution by sending specially crafted packets to Port 5010/TCP.
CVE-2019-18328 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An attacker with network access to the MS3000 Server could cause a denial-of-service condition and gain remote code execution by sending specially crafted packets to Port 5010/TCP.
CVE-2019-18329 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An attacker with network access to the MS3000 Server could cause a denial-of-service condition and gain remote code execution by sending specially crafted packets to Port 5010/TCP.
CVE-2019-18330 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An attacker with network access to the Application Server could gain access to path and filenames on the server by sending specially crafted packets to Port 1099/TCP.
CVE-2019-18331 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
An attacker with network access to the Application Server could gain access to directory listings of the server by sending specially crafted packets to Port 80/TCP, 8095/TCP, or 8080/TCP.
CVE-2019-18332 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
An attacker with network access to the Application Server could gain access to filenames on the server by sending specially crafted packets to Port 8090/TCP.
CVE-2019-18333 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
An attacker with network access to the Application Server could be able to enumerate valid usernames by sending specially crafted packets to Port 8090/TCP.
CVE-2019-18334 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
An attacker with network access to the Application Server could be able to gain access to logs and configuration files by sending specially crafted packets to Port 80/TCP.
CVE-2019-18335 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Gleb Gritsai, Eugenie Potseluevskaya, Sergey Andreev, and Radu Motspan from Kaspersky Lab; Vyacheslav Moskvin and Ivan B from Positive Technologies; and Can Demirel from Biznet Bilisim Sistemleri ve Danışmanlık reported these vulnerabilities to Siemens.
--------- Begin Update A Part 2 of 2 ---------
Siemens recommends users upgrade SPPA-T3000 Application Server to SPPA-T3000 Service Pack R8.2 SP2 to resolve vulnerabilities in the Application Server. Please contact a Siemens service management organization to obtain the update. For the Migration Server, Siemens recommends following the configuration recommendations for SPPA-T3000 MS3000 in the Siemens customer portal to mitigate these vulnerabilities.
--------- End Update A Part 2 of 2 ---------
As a general security measure, Siemens strongly recommends users protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends users configure the environment according to Siemens’ operational guidelines for industrial security (download: <https://www.siemens.com/cert/operational-guidelines-industrial-security>) and follow the recommendations in the product manuals. Additional information on industrial security by Siemens can be found at: <https://www.siemens.com/industrialsecurity>
For more information, please see Siemens Security Advisory SSA-451445.
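The advisory ties most of these vulnerabilities to network reachability of specific TCP ports on the Application Server and the MS3000 Server. As an added example (not part of the advisory or of Siemens' guidance), the following Python script checks flow records for connections to those ports from outside an approved network and ranks them by the highest CVSS v3 score the advisory lists for that port; the asset addresses, the approved network and the CSV flow format are constructed assumptions.

```python
import csv
import ipaddress
from typing import NamedTuple

# (server role, TCP port) -> (highest CVSS v3 base score the advisory lists
# for that port, impacts the advisory names). Transcribed from the advisory.
ADVISORY_PORTS = {
    ("ms3000", 5010): (9.8, "DoS, remote code execution, arbitrary file read/write"),
    ("ms3000", 7061): (7.5, "DoS"),
    ("appserver", 8888): (9.8, "remote code execution"),
    ("appserver", 1099): (9.8, "remote code execution, path and filename disclosure"),
    ("appserver", 80): (5.3, "directory listings, logs and configuration files"),
    ("appserver", 8095): (5.3, "directory listings"),
    ("appserver", 8080): (5.3, "directory listings"),
    ("appserver", 8090): (5.3, "filename disclosure, username enumeration"),
}

# Constructed inventory and policy (assumptions, replace with site data).
ASSETS = {"10.10.1.10": "appserver", "10.10.2.20": "ms3000"}
ALLOWED_SOURCES = [ipaddress.ip_network("10.10.0.0/16")]

# Constructed flow export: one connection per line.
SAMPLE_FLOWS = """\
src,dst,dport,proto
10.10.5.31,10.10.1.10,1099,tcp
192.0.2.44,10.10.2.20,5010,tcp
192.0.2.44,10.10.1.10,8090,tcp
10.10.5.31,10.10.2.20,7061,tcp
198.51.100.7,10.10.1.10,443,tcp
192.0.2.44,10.10.2.20,5010,udp
198.51.100.7,10.10.2.20,7061,tcp
192.0.2.44,10.10.2.20,5010,tcp
not-an-ip,10.10.2.20,5010,tcp
"""


class Finding(NamedTuple):
    score: float
    src: str
    dst: str
    role: str
    port: int
    impact: str


def audit_flows(flow_csv, assets=ASSETS, allowed=ALLOWED_SOURCES):
    """Return unique flows that reach an advisory port from a non-approved source."""
    findings, seen = [], set()
    for row in csv.DictReader(flow_csv.splitlines()):
        # The advisory names TCP ports only; other protocols are out of scope.
        if (row.get("proto") or "").lower() != "tcp":
            continue
        try:
            port = int(row.get("dport"))
            src = ipaddress.ip_address(row.get("src"))
        except (TypeError, ValueError):
            continue  # malformed record: skip rather than abort the audit
        role = assets.get(row.get("dst"))
        entry = ADVISORY_PORTS.get((role, port))
        if entry is None:
            continue  # destination is not a listed server/port pair
        if any(src in net for net in allowed):
            continue  # source is inside the approved network
        key = (str(src), row["dst"], port)
        if key in seen:
            continue  # report each source/destination/port once
        seen.add(key)
        findings.append(Finding(entry[0], str(src), row["dst"], role, port, entry[1]))
    # Highest advisory score first, then a stable order for equal scores.
    return sorted(findings, key=lambda f: (-f.score, f.dst, f.port, f.src))


if __name__ == "__main__":
    for f in audit_flows(SAMPLE_FLOWS):
        print(f"{f.score:>4}  {f.src} -> {f.dst}:{f.port}/tcp ({f.role}): {f.impact}")
```

The local privilege-escalation issues (named pipe and local file manipulation) and services the advisory describes without a port number, such as the AdminService, are outside what this port check covers.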
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on us-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
No known public exploits specifically target these vulnerabilities.