CVE-2019-19291
5.3
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C
Summary
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintain log files that store login credentials in cleartext. In configurations where the FTP service is enabled, authenticated remote attackers could extract login credentials of other users of the service.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens | Control Center Server (CCS) | All versions < V1.5.0 | affected |
| Siemens | SiNVR/SiVMS Video Server | All versions < V5.0.0 | affected |
Weaknesses
- CWE-313: CWE-313: Cleartext Storage in a File or on Disk
ADP Enrichment
CVE Program Container
Additional References
- https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.