CVE-2019-19291

Summary

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintain log files that store login credentials in cleartext. In configurations where the FTP service is enabled, authenticated remote attackers could extract login credentials of other users of the service.

Affected Software

VendorProductVersion RangeStatus
SiemensControl Center Server (CCS)All versions < V1.5.0affected
SiemensSiNVR/SiVMS Video ServerAll versions < V5.0.0affected

Weaknesses

  • CWE-313: CWE-313: Cleartext Storage in a File or on Disk

ADP Enrichment

CVE Program Container

Additional References

References