CVE-2019-19299

Summary

A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0 < V5.0.2), SiNVR/SiVMS Video Server (All versions >= V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server applies weak cryptography when exposing device (camera) passwords. This could allow an unauthenticated remote attacker to read and decrypt the passwords and conduct further attacks.

Affected Software

VendorProductVersion RangeStatus
SiemensSiNVR/SiVMS Video ServerAll versions < V5.0.0affected
SiemensSiNVR/SiVMS Video ServerAll versions >= V5.0.0 < V5.0.2affected
SiemensSiNVR/SiVMS Video ServerAll versions >= V5.0.2affected

Weaknesses

  • CWE-326: CWE-326: Inadequate Encryption Strength

ADP Enrichment

CVE Program Container

Additional References

References