Vulnerability Description
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) does not properly limit its capabilities to the specified purpose. In conjunction with CVE-2019-18341, an unauthenticated remote attacker with network access to the CCS server could exploit this vulnerability to read or delete arbitrary files, or access other resources on the same server.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Control Center Server | < 1.5.0 |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdfNot ApplicableVendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdfVendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdfNot ApplicableVendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdfVendor Advisory
FAQ
What is CVE-2019-18342?
CVE-2019-18342 is a vulnerability with a CVSS score of 9.9 (CRITICAL). A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) does not properly limit its capabi...
How severe is CVE-2019-18342?
CVE-2019-18342 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-18342?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Control Center Server.