Lucene search

K
cve[email protected]CVE-2019-13919
HistorySep 13, 2019 - 5:15 p.m.

CVE-2019-13919

2019-09-1317:15:11
CWE-284
web.nvd.nist.gov
231
sinema remote connect server
vulnerability
cve-2019-13919
security
network access
information disclosure

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

5 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

22.7%

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some pages that should only be accessible by a privileged user can also be accessed by a non-privileged user. The security vulnerability could be exploited by an attacker with network access and valid credentials for the web interface. No user interaction is required. The vulnerability could allow an attacker to access information that he should not be able to read. The affected information does not include passwords. At the time of advisory publication no public exploitation of this security vulnerability was known.

Affected configurations

NVD
Node
siemenssinema_remote_connect_serverRange2.0
OR
siemenssinema_remote_connect_serverMatch2.0hf1

CNA Affected

[
  {
    "product": "SINEMA Remote Connect Server",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V2.0 SP1"
      }
    ]
  }
]

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

5 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

22.7%

Related for CVE-2019-13919