CVE-2019-18342 vulnerability in Siemens Products
Published on December 12, 2019
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) does not properly limit its capabilities to the specified purpose. In conjunction with CVE-2019-18341, an unauthenticated remote attacker with network access to the CCS server could exploit this vulnerability to read or delete arbitrary files, or access other resources on the same server.
Weakness Type
Exposed Dangerous Method or Function
The software provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.
Products Associated with CVE-2019-18342
Want to know whenever a new CVE is published for Siemens products? stack.watch will email you.
Affected Versions
Siemens Control Center Server (CCS) Version All versions < V1.5.0 is affected by CVE-2019-18342Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.