Lucene search

K
cve[email protected]CVE-2019-18342
HistoryDec 12, 2019 - 7:15 p.m.

CVE-2019-18342

2019-12-1219:15:20
CWE-749
web.nvd.nist.gov
33
2
cve-2019-18342
vulnerability
control center server
ccs
sftp
remote attacker
file access
security issue
nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

5.5

Confidence

High

EPSS

0.002

Percentile

55.2%

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server
(CCS) does not properly limit its capabilities to the specified purpose.

In conjunction with CVE-2019-18341, an unauthenticated remote attacker with
network access to the CCS server could exploit this vulnerability
to read or delete arbitrary files, or access other resources on the same
server.

Affected configurations

NVD
Node
siemenscontrol_center_serverRange<1.5.0

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "Control Center Server (CCS)",
    "versions": [
      {
        "version": "All versions < V1.5.0",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Social References

More

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

5.5

Confidence

High

EPSS

0.002

Percentile

55.2%

Related for CVE-2019-18342