LiveActive security incident?Get immediate response
CVE Record

CVE-2019-18338: A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0).

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains a directory traversal vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker with network access to the CCS server could exploit this vulnerability to list arbitrary directories or read files outside of the CCS application context.

HighCVSS 7.7Not KEV-listedUpdated
Glexia's TakeAutomated analysishigh

Security readout for executives and security teams

Plain-English summary

CVE-2019-18338 lets a logged-in remote user read files or list directories outside the intended Siemens Control Center Server application area. The main business risk is unauthorized exposure of sensitive server files, not system takeover. Exposure depends on running CCS before V1.5.0 and allowing network access to the CCS service.

Executive priority

Treat this as a high-priority confidentiality issue for any Siemens CCS deployment. Prioritize internet- or broadly reachable servers, shared operational networks, and systems where local files may contain credentials, configuration, or operationally sensitive data.

Technical view

Siemens Control Center Server versions before V1.5.0 have a CWE-23 directory traversal flaw in the default XML-based communication protocol on TCP 5444 and 5440. An authenticated remote attacker with network reachability can list arbitrary directories or read files outside the CCS application context. CVSS 3.1 is 7.7, with high confidentiality impact.

Likely exposure

Likely exposed environments are Siemens CCS deployments below V1.5.0 where TCP 5444 or 5440 is reachable by users or networks that should not access the server. The source bundle does not identify specific downstream products or deployment prevalence.

Exploitation context

The CVE requires authentication, network access, and no user interaction. The bundle marks KEV as false and provides no cited evidence of active exploitation. Exploitability is still meaningful because attack complexity is low and confidentiality impact is high.

Researcher notes

Evidence is limited to the CVE record and Siemens advisory references in the bundle. The vulnerability is directory traversal in an XML-based CCS protocol, with authenticated remote reachability required. Do not assume unauthenticated exploitation, integrity impact, availability impact, or active exploitation without additional sourced evidence.

Mitigation direction

  • Identify all Siemens CCS instances and their installed versions.
  • Move affected CCS versions below V1.5.0 to a vendor-supported non-affected release.
  • Restrict TCP 5444 and 5440 access to trusted management networks only.
  • Review Siemens SSA-761617 and SSA-761844 for official update and hardening guidance.
  • Audit CCS user accounts and remove unnecessary authenticated access.

Validation and detection

  • Confirm whether each CCS server is running a version below V1.5.0.
  • Verify TCP 5444 and 5440 are not exposed beyond required trusted networks.
  • Review logs for unusual authenticated file-read or directory-listing activity.
  • Check that CCS access is limited to expected users and service accounts.
Prepared
Confidence
high
Sources
4

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · medium confidence lookup

CWE-23: File access and web shell behavior lookup

File traversal and upload weaknesses can lead teams to review file, web shell, execution, and collection telemetry. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
description · low confidence lookup

File access behavior lookup

The CVE wording references file access or upload behavior, so file telemetry and web shell review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2019-18338 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
High
CVSS
7.7 (3.1)
Known Exploited
No
Published

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
0Timeline events
0ADP providers
3Source links

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
7.7CVSS 3.1HighCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C3.14Primary CVE score

Vulnerability scoring details

Base CVSS 3.1 score

7.7High
CVSS 3.1 vector shape for CVE-2019-18338Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
SiemensControl Center Server (CCS)All versions < V1.5.0unknown
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.

CWE-23 · source CWE mapping

Relative Path Traversal

Relative Path Traversal represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.