{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T09:54:09.690","vulnerabilities":[{"cve":{"id":"CVE-2019-18285","sourceIdentifier":"productcert@siemens.com","published":"2019-12-12T19:15:15.623","lastModified":"2024-11-21T04:32:58.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The RMI communication between the client and the Application Server is unencrypted. An attacker with access to the communication channel can read credentials of a valid user. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."},{"lang":"es","value":"Se ha identificado una vulnerabilidad en SPPA-T3000 Application Server (Todas las versiones anteriores a la versión Service Pack R8.2 SP2). La comunicación RMI entre el cliente y el Application Server no está cifrada. Un atacante con acceso al canal de comunicación puede leer las credenciales de un usuario válido. Tenga en cuenta que un atacante necesita tener acceso a Application Highway a fin de explotar esta vulnerabilidad. Al momento de la publicación del aviso, no era conocida la explotación pública de esta vulnerabilidad de seguridad"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"productcert@siemens.com","type":"Secondary","description":[{"lang":"en","value":"CWE-319"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-319"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sppa-t3000_application_server:*:*:*:*:*:*:*:*","versionEndExcluding":"r8.2","matchCriteriaId":"5CE233B0-3F20-4FA8-8E26-CCC3E21E49E1"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sppa-t3000_application_server:r8.2:-:*:*:*:*:*:*","matchCriteriaId":"4EBA7673-3A24-4DF7-9D9C-4B863863083C"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sppa-t3000_application_server:r8.2:sp1:*:*:*:*:*:*","matchCriteriaId":"D0975E8C-C34F-4BD2-B4CF-41E5FBFD8A12"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/155665/Siemens-Security-Advisory-SPPA-T3000-Code-Execution.html","source":"productcert@siemens.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf","source":"productcert@siemens.com","tags":["Mitigation","Vendor Advisory"]},{"url":"http://packetstormsecurity.com/files/155665/Siemens-Security-Advisory-SPPA-T3000-Code-Execution.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}]}}]}