SSA-451445 (Last Update: 2020-03-10): Multiple Vulnerabilities in SPPA-T3000

Published

2020-03-10 00:00:00 UTC

Summary

SPPA-T3000 Application Server and MS3000 Migration Server are affected by multiple vulnerabilities. Some of the vulnerabilities can allow an attacker to execute arbitrary code on the server. Exploitation of the vulnerabilities described in this advisory requires access to either Application- or Automation Highway. Both highways should not be exposed if the environment has been set up according to the recommended system configuration in the Siemens SPPA-T3000 security manual.

In this case Siemens considers the environmental score as CR:L/IR:L/AR:H/MAV:A for vulnerabilities related to the Application Server and CR:L/IR:L/AR:M/MAV:A for vulnerabilities related to the Migration Server.

Siemens provides a service pack to fix vulnerabilities on the Application Server and recommends configurations to mitigate the vulnerabilities in the Migration Server. Detailed information will be available for SPPA-T3000 customers in the Siemens Energy Customer Portal.