SSA-451445 (Last Update: 2019-12-10): Multiple Vulnerabilities in SPPA-T3000

Published

2019-12-10 00:00:00 UTC

Summary

SPPA-T3000 Application Server and MS3000 Migration Server are affected by multiple vulnerabilities. Some of the vulnerabilities can allow an attacker to execute arbitrary code on the server. Exploitation of the vulnerabilities described in this advisory requires access to either Application- or Automation Highway. Both highways should not be exposed if the environment has been set up according to the recommended system configuration in the Siemens SPPA-T3000 security manual.

In this case Siemens consideres the environmental score as CR:L/IR:L/AR:H/MAV:A for vulnerabilities related to the Application Server and CR:L/IR:L/AR:M/MAV:A for vulnerabilities related to the Migration Server.

Siemens is working on updates and recommends specific countermeasures until fixes are available.