CVE-2019-18342

Published: Dec 12, 2019Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD (Secondary)

Description

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) does not properly limit its capabilities to the specified purpose. In conjunction with CVE-2019-18341, an unauthenticated remote attacker with network access to the CCS server could exploit this vulnerability to read or delete arbitrary files, or access other resources on the same server.

Affected (1)

Products: Siemens: Control Center Server

1 product

Control Center Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Siemens Control Center Server	Before 1.5.0

Related CWEs

Exposed Dangerous Method or Function

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

References (4)

https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf

Source: productcert@siemens.com

Not ApplicableVendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf

Source: productcert@siemens.com

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Not ApplicableVendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.