CVE-2019-18342

9.9 CRITICAL

📋 TL;DR

This vulnerability in Siemens Control Center Server (CCS) allows unauthenticated remote attackers with network access to read or delete arbitrary files and access other server resources via the SFTP service. It affects all CCS versions before V1.5.0 and is exploitable in combination with CVE-2019-18341. Organizations using vulnerable CCS installations are at risk.

💻 Affected Systems

Products:
  • Siemens Control Center Server (CCS)
Versions: All versions < V1.5.0
Operating Systems: Not specified - likely various
Default Config Vulnerable: ⚠️ Yes
Notes: Exploitation requires network access to port 22/tcp (SFTP service) and must be combined with CVE-2019-18341.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise including data theft, file deletion, and potential lateral movement to other systems on the network.

🟠 Likely Case

Unauthorized access to sensitive files, configuration data, and potential disruption of control center operations.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent exploitation attempts.

🌐 Internet-Facing: HIGH - Direct internet exposure allows unauthenticated attackers to exploit this vulnerability remotely.
🏢 Internal Only: HIGH - Even internally, any network access to the vulnerable service enables exploitation without authentication.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires combining with CVE-2019-18341, but both vulnerabilities are unauthenticated and have low complexity.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V1.5.0 or later

Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf

Restart Required: Yes

Instructions:

1. Download CCS V1.5.0 or later from the Siemens support portal.
2. Back up the current configuration and data.
3. Install the updated version following the Siemens installation guide.
4. Restart the CCS service.

🔧 Temporary Workarounds

Network Segmentation

linux

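Restrict network access to the CCS SFTP service (port 22/tcp) to trusted systems only. The accept rule below only restricts access if port 22 is not also open to all sources in the zone, so remove any general allowance (for example the ssh service) first.

firewall-cmd --permanent --remove-service=ssh
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="TRUSTED_IP" port port="22" protocol="tcp" accept'
firewall-cmd --reload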

Disable SFTP Service

linux

Temporarily disable the vulnerable SFTP service if it is not required for operations. Replace sftp-service with the unit name used on your installation.

systemctl stop sftp-service
systemctl disable sftp-service

🧯 If You Can't Patch

  • Implement strict network access controls so that only trusted IP addresses can connect to the CCS SFTP service.
  • Monitor network traffic to CCS port 22/tcp for suspicious activity and implement intrusion detection rules.

🔍 How to Verify

Check if Vulnerable:

Check the CCS version via the web interface or configuration files. If the version is below V1.5.0 and the SFTP service is running on port 22, the system is vulnerable.

Check Version:

Check CCS web interface or configuration files for version information (specific command depends on installation).

Verify Fix Applied:

Verify that the CCS version is V1.5.0 or later and test that the SFTP service properly restricts file access to authorized directories only.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SFTP connections from unexpected IP addresses
  • Failed or successful file access attempts outside normal directories
  • Multiple connection attempts to port 22

Network Indicators:

  • Unusual traffic patterns to CCS port 22/tcp
  • SFTP connections from unauthorized network segments
  • File transfer patterns inconsistent with normal operations

SIEM Query:

source="ccs_logs" AND (port=22 OR protocol="sftp") AND (src_ip NOT IN ["trusted_ips"])
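
The three log indicators above, implemented as an added Python example (not part of the original advisory and not Siemens tooling). The log layout, the trusted range 10.20.0.0/24, the SFTP root /export and the connection threshold are assumptions, and the sample lines are constructed.

```python
import ipaddress
import posixpath
from collections import Counter

# Assumptions, not from the advisory: trusted range, SFTP root, log layout.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
ALLOWED_ROOT = "/export"
CONNECT_THRESHOLD = 3  # connections per source within the analysed window

# Constructed sample lines: "<timestamp> <src_ip> <event> [path]"
SAMPLE_LOG = """\
2019-12-10T08:00:01Z 10.20.0.15 CONNECT
2019-12-10T08:00:02Z 10.20.0.15 READ /export/recordings/cam 1.bin
2019-12-10T08:05:10Z 192.0.2.44 CONNECT
2019-12-10T08:05:11Z 192.0.2.44 READ /config/server.xml
2019-12-10T08:05:12Z 10.20.0.15 DELETE /config/server.xml
2019-12-10T08:06:00Z 198.51.100.7 CONNECT
2019-12-10T08:06:01Z 198.51.100.7 CONNECT
2019-12-10T08:06:02Z 198.51.100.7 CONNECT
"""

def outside_root(path):
    # Normalise first so relative segments cannot disguise the real location.
    norm = posixpath.normpath(path)
    return not (norm == ALLOWED_ROOT or norm.startswith(ALLOWED_ROOT + "/"))

def analyze(log_text):
    """Return a sorted list of unique (indicator, src_ip, detail) alerts."""
    alerts, connects = set(), Counter()
    for line in log_text.splitlines():
        parts = line.split(maxsplit=3)  # maxsplit keeps spaces inside the path
        if len(parts) < 3:
            continue  # malformed line
        src, event = parts[1], parts[2]
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            continue  # source field is not an IP address
        if not any(addr in net for net in TRUSTED_NETS):
            alerts.add(("untrusted_source", src, ""))
        if event == "CONNECT":
            connects[src] += 1
        elif len(parts) == 4 and outside_root(parts[3]):
            alerts.add(("path_outside_root", src, f"{event} {parts[3]}"))
    for src, n in connects.items():
        if n >= CONNECT_THRESHOLD:
            alerts.add(("repeated_connects", src, str(n)))
    return sorted(alerts)
```

Because this issue is exploitable without authentication, the path check also applies to trusted sources: the DELETE outside /export from 10.20.0.15 in the sample is reported even though that address is in the trusted range.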
