CVE-2019-18338

High

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains a…

siemens·CWE-23·Published 2019-12-12

CVSS

7.7

EPSS

0.03

KEV

Exploits

cve.orgen

452 chars

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains a directory traversal vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker with network access to the CCS server could exploit this vulnerability to list arbitrary directories or read files outside of the CCS application context.

NVDen

452 chars

NVDes

508 chars

Se ha identificado una vulnerabilidad en Control Center Server (CCS) (Todas las versiones anteriores a V1.5.0). El Servidor de Control Center (CCS) contiene una vulnerabilidad de traspaso de directorios en su protocolo de comunicación basado en XML proporcionado por defecto en los puertos 5444/tcp y 5440/tcp. Un atacante remoto autentificado con acceso a la red del servidor CCS podría explotar esta vulnerabilidad para listar directorios arbitrarios o leer archivos fuera del contexto de la aplicación CCS

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.0	8.0	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
3.1	Primary	cve.org	7.7	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C
3.1	Primary	cve.org	7.7	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C
3.1	Secondary	NVD	7.7	3.1	4.0	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
3.1	Secondary	NVD	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N