CyberSec.Space Logo
Back to CVE Browser

CVE-2019-18342

CRITICAL
9.9
CVSS Severity Score
EPSS Score0.0880%
EPSS Percentile6.29th
PublishedDec 12, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) does not properly limit its capabilities to the specified purpose. In conjunction with CVE-2019-18341, an unauthenticated remote attacker with network access to the CCS server could exploit this vulnerability to read or delete arbitrary files, or access other resources on the same server.

Affected Platforms (CPE)

πŸ“¦
Siemens

Control Center Server

< 1.5.0

References & Advisories

πŸ”— https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf
πŸ”— https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf
πŸ”— https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf
πŸ”— https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf

Related Vulnerabilities

CVE-2020-696610.0

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ver...

CVE-2019-183379.8

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contai...

CVE-2014-34409.0

The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec D...

CVE-2019-192928.8

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contai...