CVE Tools
Sign in

CVE-2018-4832

A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7 ...

Published: Apr 24, 2018Updated: Nov 21, 2024 Sources: CVE List NVD BDU csafCWE-20
NVD MITRE
7.5CVSSHIGH
EPSS Score
2.5%
Top 17.6%
CISA KEV
Not in KEV
Exploits
1 Known
Remediation
Patch Available

Description

SPPA-T3000 Application Server and MS3000 Migration Server are affected by multiple vulnerabilities. Some of the vulnerabilities can allow an attacker to execute arbitrary code on the server. Exploitation of the vulnerabilities described in this advisory requires access to either Application- or Automation Highway. Both highways should not be exposed if the environment has been set up according to the recommended system configuration in the SPPA-T3000 security manual. In this case Siemens Energy considers the environmental score as CR:L/IR:L/AR:H/MAV:A for vulnerabilities related to the Application Server and CR:L/IR:L/AR:M/MAV:A for vulnerabilities related to the Migration Server. Siemens Energy provides a service pack to fix vulnerabilities on the Application Server and recommends configurations to mitigate the vulnerabilities in the Migration Server. Detailed information will be available for SPPA-T3000 customers in the Siemens Energy Customer Portal (https://cep.siemens-energy.com/).

CVSS Vector Breakdown

AV:NAC:LPR:NUI:NS:UC:NI:NA:H
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:NPrivileges Required
None
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:NConfidentiality
None
I:NIntegrity
None
A:HAvailability
High
Open in CVSS calculator →

Weaknesses

CWE-20

Affected Products

openpcs 7siemensICS / OT / IoT
simatic batchsiemensICS / OT / IoT
simatic net pcsiemensICS / OT / IoT
simatic pcs 7siemensICS / OT / IoT
simatic route controlsiemensICS / OT / IoT
siemenscommercialDEEnterprise Softwareaka siemens ag
and 37 more affected products View all →

Attack Graph

Products CVE Techniques Tactics

Click technique nodes to view MITRE ATT&CK details. Scroll to zoom, drag to pan.

Exploitability

1 exploit source identified

Exploit details including PoC links, Metasploit modules, and scanner templates are available after registration.

View exploit details
Official Patch Available
Workaround Available

MITRE ATT&CK

1 technique
Initial Access
View detailed technique mapping

References

https://cert-portal.siemens.com/productcert/csaf/ssa-451445.json
cert-portal.siemens.com
https://cert-portal.siemens.com/productcert/txt/ssa-451445.txt
cert-portal.siemens.com
https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf
cert-portal.siemens.com
and 68 more references View all →

Timeline

Published
Apr 24, 2018
Last Updated
Nov 21, 2024

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2018-4832 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows