CVE-2019-18308 - AskarLabs CVE Database

CVE-2019-18308

Vendor Siemens

Product SPPA-T3000 MS3000 Migration Server

Weakness CWE-284

Published December 12, 2019

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileges by manipulating specific files in the local file system. This vulnerability is independent from CVE-2019-18309. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Key dates

02Disclosure timeline

December 12, 2019 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-18308

Related vulnerabilities

04Related CVE

CVE-2025-3082 User may override a view's collation and gain unauthorized access to underlying data CVE-2025-2990 Tenda FH1202 Web Management Interface AdvSetWrlGstset access control CVE-2026-40304 zrok's broken ownership check in DELETE /api/v2/unaccess allows non-admin to delete global frontend records CVE-2024-21667 Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access GDPR extracts CVE-2025-32795 Dify Allows Insecure User Role Access Control for APP Editing