Unrated severityNVD Advisory· Published Dec 12, 2019· Updated Aug 5, 2024

CVE-2019-18285

Description

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The RMI communication between the client and the Application Server is unencrypted. An attacker with access to the communication channel can read credentials of a valid user. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Affected products

Siemens Foundation/SPPA-T3000 Application Serverllm-fuzzy
Range: < R8.2 SP2
Siemens/SPPA-T3000 Application Serverv5
Range: All versions < Service Pack R8.2 SP2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/155665/Siemens-Security-Advisory-SPPA-T3000-Code-Execution.htmlmitrex_refsource_MISC
cert-portal.siemens.com/productcert/pdf/ssa-451445.pdfmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000