## 1\. EXECUTIVE SUMMARY
* **CVSS v3 9.9**
* **ATTENTION:** Exploitable remotely/low attack complexity
* **Vendors:** Siemens/PKE
* **Equipment:** Control Center Server (CCS)
* **Vulnerabilities:** Cleartext Storage of Sensitive Information in GUI, Improper Authentication, Relative Path Traversal, Use of a Broken or Risky Cryptographic Algorithm, Exposed Dangerous Method or Function, Path Traversal, Cleartext Storage in a File or on Disk, SQL Injection, Cross-site Scripting, Insufficient Logging
## 2\. RISK EVALUATION
Successful exploitation of these vulnerabilities may allow an attacker to read and write arbitrary files and sensitive data and execute commands and arbitrary code.
## 3\. TECHNICAL DETAILS
### 3.1 AFFECTED PRODUCTS
The following versions of CCS, a video management platform, are affected:
* CCS: All versions prior to v1.5.0
* CCS: v1.5.0 and later are affected by [CVE-2019-18340](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18340>)
### 3.2 VULNERABILITY OVERVIEW
#### 3.2.1 [CLEARTEXT STORAGE OF SENSITIVE INFORMATION IN GUI CWE-317](<https://cwe.mitre.org/data/definitions/317.html>)
The user configuration menu in the web interface of CCS transfers user passwords in cleartext to the client (browser).
[CVE-2019-13947](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13947>) has been assigned to this vulnerability. A CVSS v3 base score of 4.9 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N>)).
#### 3.2.2 [IMPROPER AUTHENTICATION CWE-287](<https://cwe.mitre.org/data/definitions/287.html>)
CCS contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on Ports 5444/TCP and 5440/TCP.
[CVE-2019-18337](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18337>) has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).
#### 3.2.3 [RELATIVE PATH TRAVERSAL CWE-23](<https://cwe.mitre.org/data/definitions/23.html>)
CCS contains a directory traversal vulnerability in its XML-based communication protocol as provided by default on Ports 5444/TCP and 5440/TCP.
[CVE-2019-18338](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18338>) has been assigned to this vulnerability. A CVSS v3 base score of 7.7 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>)).
#### 3.2.4 [USE OF A BROKEN OR RISKY CRYPTOGRAPHIC ALGORITHM CWE-327](<https://cwe.mitre.org/data/definitions/327.html>)
CCS stores user and device passwords by applying weak cryptography.
[CVE-2019-18340](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18340>) has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is ([AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N>)).
#### 3.2.5 [IMPROPER AUTHENTICATION CWE-287](<https://cwe.mitre.org/data/definitions/287.html>)
The SFTP service (default Port 22/TCP) of CCS contains an authentication bypass vulnerability.
[CVE-2019-18341](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18341>) has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N>)).
#### 3.2.6 [EXPOSED DANGEROUS METHOD OR FUNCTION CWE-749](<https://cwe.mitre.org/data/definitions/749.html>)
The SFTP service (default Port 22/TCP) of CCS does not properly limit its capabilities to the specified purpose.
[CVE-2019-18342](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18342>) has been assigned to this vulnerability. A CVSS v3 base score of 9.9 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H>)).
#### 3.2.7 [IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (‘PATH TRAVERSAL’) CWE-22](<https://cwe.mitre.org/data/definitions/22.html>)
A specific section in the web interface of CCS contains a path traversal vulnerability that could allow an authenticated remote attacker to access and download arbitrary files from the server where CCS is installed.
[CVE-2019-19290](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19290>) has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N>)).
#### 3.2.8 [CLEARTEXT STORAGE IN A FILE OR ON DISK CWE-313](<https://cwe.mitre.org/data/definitions/313.html>)
The FTP services of CCS maintain log files that store login credentials in cleartext. In configurations where the FTP service is enabled, authenticated remote attackers could extract login credentials of other users of the service.
[CVE-2019-19291](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19291>) has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N>)).
#### 3.2.9 [IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89](<https://cwe.mitre.org/data/definitions/89.html>)
CCS is vulnerable to an SQL injection in its XML-based communication protocol as provided by default on Ports 5444/TCP and 5440/TCP. An authenticated remote attacker could exploit this vulnerability to read or modify the CCS database and potentially execute administrative database operations or operating system commands.
[CVE-2019-19292](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19292>) has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H>)).
#### 3.2.10 [IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (‘CROSS-SITE SCRIPTING’) CWE-79](<https://cwe.mitre.org/data/definitions/79.html>)
The web interface of CCS contains a reflected cross-site scripting (XSS) vulnerability that could allow an unauthenticated remote attacker to steal sensitive data or execute administrative actions on behalf of a legitimate administrator of the CCS web interface.
[CVE-2019-19293](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19293>) has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N>)).
#### 3.2.11 [IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (‘CROSS-SITE SCRIPTING’) CWE-79](<https://cwe.mitre.org/data/definitions/79.html>)
The web interface of CCS contains multiple stored XSS vulnerabilities in several input fields. This could allow an authenticated remote attacker to inject malicious JavaScript code into the CCS web application that is later executed in the browser context of any other user who views the relevant CCS web content.
[CVE-2019-19294](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19294>) has been assigned to this vulnerability. A CVSS v3 base score of 6.3 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N>)).
#### 3.2.12 [INSUFFICIENT LOGGING CWE-778](<https://cwe.mitre.org/data/definitions/778.html>)
CCS does not enforce logging of security-relevant activities in its XML-based communication protocol as provided by default on Ports 5444/TCP and 5440/TCP. An authenticated remote attacker could exploit this vulnerability to perform covert actions not visible in the application log.
[CVE-2019-19295](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19295>) has been assigned to this vulnerability. A CVSS v3 base score of 4.3 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N>)).
### 3.3 BACKGROUND
* **CRITICAL INFRASTRUCTURE SECTORS:** Commercial Facilities
* **COUNTRIES/AREAS DEPLOYED:** Worldwide
* **COMPANY HEADQUARTERS LOCATION:** Germany
### 3.4 RESEARCHER
Raphaël Rigo of Airbus Security Lab reported some of these vulnerabilities to Siemens.
## 4\. MITIGATIONS
Siemens recommends users update to [v1.5.0 or later](<https://sivms.cloud/control-center-server-ccs/>).
Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:
* General (applies to all vulnerabilities listed in this advisory) – Apply ACL/firewall configuration on the CCS server to ensure that only legitimate systems can access the configured CCS server ports. Harden the CCS server accordingly to prevent unauthorized access. Consider applying encryption and authentication on the network (e.g., via TLS on application level or via IPSec on host level).
* Harden the CCS server to prevent local access by unauthorized users.
* Disable the web interface of CCS if not used. Alternatively, restrict access from localhost only, or only to trusted hosts of CCS administrators. Enable TLS for the web interface of CCS.
* Disable the FTP service of the CCS.
As a general security measure Siemens strongly recommends protecting network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices to run the devices in a protected IT environment.
For more information see [SSA-761844](<http://www.siemens.com/cert/advisories>).
CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
* Monitor traffic on Ports 5444/TCP and 5440/TCP.
* Minimize network exposure for all control system devices and/or systems, and ensure that they are [not accessible from the Internet](<https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01>).
* Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
* When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.
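One way to check the Siemens ACL recommendation and to act on the advice to monitor Ports 5444/TCP and 5440/TCP, as an added example that is not part of the advisory and not Siemens or CISA code: it reads connection records and reports every source outside an allowlist that reached, or tried to reach, the CCS ports. The record format, the server address, and the allowlist are assumptions constructed for illustration.

```python
import ipaddress

# Default ports the advisory names for CCS; adjust if the server is reconfigured.
CCS_PORTS = {5440: "XML protocol", 5444: "XML protocol", 22: "SFTP"}

# Assumptions for this example: the CCS server address and the hosts that may
# legitimately reach it (operator workstations, video servers).
CCS_SERVER = ipaddress.ip_address("10.20.0.10")
ALLOWED_SOURCES = [
    ipaddress.ip_network("10.20.0.0/28"),
    ipaddress.ip_network("10.20.5.17/32"),
]

# Constructed sample records (not real traffic), one per line:
#   timestamp src_ip dst_ip dst_port proto action
SAMPLE_FLOWS = """\
2021-04-13T08:00:01Z 10.20.0.5 10.20.0.10 5444 tcp ALLOW
2021-04-13T08:00:07Z 10.20.5.17 10.20.0.10 5440 tcp ALLOW
2021-04-13T08:01:12Z 192.168.77.23 10.20.0.10 5444 tcp ALLOW
2021-04-13T08:01:13Z 192.168.77.23 10.20.0.10 5440 tcp ALLOW
2021-04-13T08:02:40Z 172.16.4.9 10.20.0.10 22 tcp DENY
2021-04-13T08:03:00Z 10.20.0.5 10.20.0.10 443 tcp ALLOW
2021-04-13T08:03:05Z 192.168.77.23 10.20.0.99 5444 tcp ALLOW
this line is truncated
"""


def parse_flow(line):
    """Return (ts, src, dst, port, proto, action), or None if the line is malformed."""
    fields = line.split()
    if len(fields) != 6:
        return None
    ts, src, dst, port, proto, action = fields
    try:
        return (ts, ipaddress.ip_address(src), ipaddress.ip_address(dst),
                int(port), proto.lower(), action.upper())
    except ValueError:
        return None


def audit_flows(text, server=CCS_SERVER, allowed=ALLOWED_SOURCES, ports=CCS_PORTS):
    """Report non-allowlisted sources that contacted the CCS ports.

    Returns (findings, skipped). A finding of kind "acl-gap" means the firewall
    let the connection through; "blocked-probe" means every attempt was denied.
    """
    hits = {}
    skipped = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_flow(line)
        if rec is None:
            skipped += 1          # count unparseable lines instead of hiding them
            continue
        ts, src, dst, port, proto, action = rec
        if dst != server or proto != "tcp" or port not in ports:
            continue              # not traffic to a CCS service
        if any(src in net for net in allowed):
            continue              # legitimate client
        h = hits.setdefault((str(src), port),
                            {"allowed": 0, "denied": 0,
                             "first_seen": ts, "last_seen": ts})
        h["allowed" if action == "ALLOW" else "denied"] += 1
        h["first_seen"] = min(h["first_seen"], ts)
        h["last_seen"] = max(h["last_seen"], ts)

    findings = []
    for (src, port), h in sorted(hits.items()):
        findings.append({
            "source": src,
            "port": port,
            "service": ports[port],
            "kind": "acl-gap" if h["allowed"] else "blocked-probe",
            **h,
        })
    return findings, skipped


if __name__ == "__main__":
    results, bad_lines = audit_flows(SAMPLE_FLOWS)
    for f in results:
        print(f"{f['kind']:<14} {f['source']:<16} -> {f['port']}/tcp "
              f"({f['service']}) allowed={f['allowed']} denied={f['denied']}")
    print(f"unparseable lines: {bad_lines}")
```

Any `acl-gap` finding means the ACL does not yet restrict the CCS ports to legitimate systems; `blocked-probe` findings show the ACL working and identify hosts worth investigating.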
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for [control systems security recommended practices](<https://us-cert.cisa.gov/ics/recommended-practices>) on the ICS webpage on [us-cert.cisa.gov](<https://us-cert.cisa.gov/ics>). Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).
Additional mitigation guidance and recommended practices are publicly available on the [ICS webpage on us-cert.cisa.gov](<https://us-cert.cisa.gov/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B>).
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
No known public exploits specifically target these vulnerabilities.
{"ics": [{"lastseen": "2023-12-03T17:25:30", "description": "## 1\\. EXECUTIVE SUMMARY\n\n**\\--------- Begin Update A Part 1 of 6 ---------**\n\n * **CVSS v3 9.8**\n * **ATTENTION: **Exploitable remotely/low attack complexity\n * **Vendors:** Siemens and PKE\n * **Equipment: **SiNVR, SiVMS Video Servers\n * **Vulnerabilities:** Missing Authentication for Critical Function, Weak Cryptography for Passwords\n\n**\\--------- End Update A Part 1 of 6 ---------**\n\n## 2\\. UPDATE INFORMATION\n\nThis updated advisory is a follow-up to the original advisory titled ICSA-19-344-02 Siemens SiNVR 3 that was published December 10, 2019, to the ICS webpage on us-cert.cisa.gov.\n\n## 3\\. RISK EVALUATION\n\n**\\--------- Begin Update A Part 2 of 6 ---------**\n\nSuccessful exploitation of these vulnerabilities could allow an attacker to read the SiVMS/SiNVR users database, including the passwords of all users in obfuscated cleartext and configuration files.\n\n**\\--------- End Update A Part 2 of 6 ---------**\n\n## 4\\. 
TECHNICAL DETAILS\n\n### 4.1 AFFECTED PRODUCTS\n\n**\\--------- Begin Update A Part 3 of 6 ---------**\n\nThe following versions of SiNVR/SiVMS Video Server, a video management solution, are affected:\n\n * ~~SiNVR 3 Central Control Server (CCS): all versions~~ Moved to SSA-761844 and [ICSA-21-103-10](<https://us-cert.cisa.gov/ics/advisories/icsa-21-103-10>)\n * SiNVR/SiVMS Video Server: All versions prior to v5.0.0\n * SiNVR/SiVMS Video Server: v5.0.0 and later is affected by [CVE-2019-18340](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18340>)\n\n**\\--------- End Update A Part 3 of 6 ---------**\n\n### 4.2 VULNERABILITY OVERVIEW\n\n**\\--------- Begin Update A Part 4 of 6 ---------**\n\n[CVE-2019-13947](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13947>), [CVE-2019-18337](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18337>), [CVE-2019-18338](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18338>), [CVE-2019-18341](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18341>), and [CVE-2019-18342](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18342>) have been moved to SSA-761844 and [ICSA-21-103-10](<https://us-cert.cisa.gov/ics/advisories/icsa-21-103-10>).\n\n#### 4.2.1 [MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306](<https://cwe.mitre.org/data/definitions/306.html>)\n\nThe HTTP service (default specific port) of the SiNVR 3 Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication.\n\n[CVE-2019-18339](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18339>) has been assigned to this vulnerability. 
A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n#### 4.2.2 [WEAK CRYPTOGRAPHY FOR PASSWORDS CWE-261](<https://cwe.mitre.org/data/definitions/261.html>)\n\nBoth the SiNVR 3 Video Server and the CCS store user and device passwords by applying weak cryptography.\n\n[CVE-2019-18340](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18340>) has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is ([AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N>)).\n\n**\\--------- End Update A Part 4 of 6 ---------**\n\n### 4.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS: **Commercial Facilities\n * **COUNTRIES/AREAS DEPLOYED: **Worldwide\n * **COMPANY HEADQUARTERS LOCATION: **Germany\n\n### 4.4 RESEARCHER\n\nRapha\u00ebl Rigo from Airbus Security Lab reported these vulnerabilities to Siemens.\n\n## 5\\. MITIGATIONS\n\n**\\--------- Begin Update A Part 5 of 6 ---------**\n\nSiemens recommends users to update to [v5.0.0 or later](<https://sivms.cloud/sivms-platform/>).\n\nSiemens has identified the following specific workarounds and mitigations that users can apply to reduce the risk:\n\n * General (applies to all vulnerabilities listed in this advisory) \u2013 Apply ACL/firewall configuration on the Video Servers to ensure that only legitimate systems can access the configured server ports. 
Harden all systems accordingly to prevent unauthorized access.\n * CVE-2019-18339 - SiNVR/SiVMS deployments with active Control Center Server (CCS) should ensure that every video server and client have the Authorization Server set to \u201cControl Center Server\u201d (Configuration -> Appearance -> Desktop -> Authorization Server).\n * CVE-2019-18340 - Harden the Video Servers to prevent local access by unauthorized users.\n\n**\\--------- End Update A Part 5 of 6 ---------**\n\nAs a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u2019 operational guidelines for industrial security and to following the recommendations in the product manuals.\n\nAdditional information on industrial security by Siemens can be found at: <https://www.siemens.com/industrialsecurity>\n\n**\\--------- Begin Update A Part 6 of 6 ---------**\n\nFor more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens security advisory [SSA-761617](<http://www.siemens.com/cert/advisories>) and the [PKE security advisory](<https://sivms.cloud/wp-content/uploads/2021/03/sivms-cve-fixes_1.0_EN.pdf>). \n\n**\\--------- End Update A Part 6 of 6 ---------**\n\nCISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. 
Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure they are [not accessible from the Internet](<https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01>).\n * Locate control system networks and remote devices behind firewalls and isolate them from the business network.\n * When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nCISA also provides a section for [control systems security recommended practices](<https://www.us-cert.gov/ics/recommended-practices>) on the ICS webpage on [us-cert.gov](<https://www.us-cert.gov/ics>). Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the [ICS webpage on us-cert.gov](<https://www.us-cert.gov/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B>).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.\n\nNo known public exploits specifically target these vulnerabilities\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", 
"availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-14T12:00:00", "type": "ics", "title": "Siemens and PKE SiNVR, SiVMS Video Server (Update A)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13947", "CVE-2019-18337", "CVE-2019-18338", "CVE-2019-18339", "CVE-2019-18340", "CVE-2019-18341", "CVE-2019-18342"], "modified": "2021-04-14T12:00:00", "id": "ICSA-19-344-02", "href": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-344-02", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T17:21:15", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 7.5**\n * **ATTENTION: **Exploitable remotely/low attack complexity\n * **Vendors: **Siemens and PKE\n * **Equipment: **SiNVR/SiVMS Video Server\n * **Vulnerabilities: **Cleartext Storage in a File or on Disk, Path Traversal, Improper Input Validation, Weak Cryptography for Passwords\n\n## 2\\. UPDATE INFORMATION\n\nThis updated advisory is a follow-up to the advisory update titled ICSA-20-070-01 Siemens SiNVR 3 (Update A) that was published April 20, 2021, to the ICS webpage on us-cert.cisa.gov.\n\n## 3\\. RISK EVALUATION\n\nSuccessful exploitation of these vulnerabilities could result in unauthorized access to server data and possible denial-of-service conditions.\n\n## 4\\. 
TECHNICAL DETAILS\n\n### 4.1 AFFECTED PRODUCTS\n\nThe following versions of SiNVR/SiVMS Video Server, a video management solution, are affected:\n\n * ~~SiNVR 3 Central Control Server (CCS): All versions ~~Moved to [SSA-761844](<https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf>) and [ICSA-21-103-10](<https://us-cert.cisa.gov/ics/advisories/icsa-21-103-10>)\n * SiNVR/SiVMS Video Server: All versions prior to v5.0.0\n * SiNVR/SiVMS Video Server: v5.0.0 and later is affected by [CVE-2019-19298](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19298>) and [CVE-2019-19299](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19299>)\n\n**\\--------- Begin Update B Part 1 of 2 ---------**\n\n * SiNVR/SiVMS Video Server: v5.0.0 and later is affected by [CVE-2019-19299](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19299>)\n\n**\\--------- End Update B Part 1 of 2 ---------**\n\n### 4.2 VULNERABILITY OVERVIEW\n\n[CVE-2019-19290](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19290>), [CVE-2019-19292](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19292>), [CVE-2019-19293](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19293>), [CVE-2019-19294](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19294>), and [CVE-2019-19295](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19295>) have been moved to [SSA-761844](<https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf>) and [ICSA-21-103-10](<https://us-cert.cisa.gov/ics/advisories/icsa-21-103-10>)\n\n#### 4.2.1 [CLEARTEXT STORAGE IN A FILE OR ON DISK CWE-313](<https://cwe.mitre.org/data/definitions/313.html>)\n\nThe FTP services of the SiNVR/SiVMS Video Server maintain log files that store login credentials in cleartext. 
In configurations where the FTP service is enabled, authenticated remote attackers could extract login credentials of other users of the service.\n\n[CVE-2019-19291](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19291>) has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N>)). \n\n#### 4.2.2 [PATH TRAVERSAL CWE-22](<https://cwe.mitre.org/data/definitions/22.html>)\n\nSuccessful exploitation could allow an authenticated remote attacker to access and download arbitrary files from the server if the FTP services are enabled.\n\n[CVE-2019-19296](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19296>) has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N>)).\n\n#### 4.2.3 [PATH TRAVERSAL CWE-22](<https://cwe.mitre.org/data/definitions/22.html>)\n\nSuccessful exploitation could allow an authenticated remote attacker to access and download arbitrary files from the server.\n\n[CVE-2019-19297](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19297>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N>)).\n\n#### 4.2.4 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>)\n\nSuccessful exploitation could allow an unauthenticated remote attacker to cause a denial-of-service condition by sending malformed HTTP requests.\n\n[CVE-2019-19298](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19298>) has been assigned to this vulnerability. 
A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).\n\n#### 4.2.5 [USE OF A BROKEN OR RISKY CRYPTOGRAPHIC ALGORITHM CWE-327](<https://cwe.mitre.org/data/definitions/327.html>)\n\nThe affected product contains weak cryptography when exposing device passwords. This could allow an unauthenticated remote attacker to read and decrypt the passwords and conduct further attacks.\n\n[CVE-2019-19299](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19299>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N>)).\n\n### 4.3 BACKGROUND\n\n\u2022 **CRITICAL INFRASTRUCTURE SECTORS: **Information Technology \n\u2022 **COUNTRIES/AREAS DEPLOYED:** Worldwide \n\u2022 **COMPANY HEADQUARTERS LOCATION: **Germany\n\n### 3.4 RESEARCHER\n\nSiemens reported these vulnerabilities to CISA.\n\n## 4\\. 
MITIGATIONS\n\n**\\--------- Begin Update B Part 2 of 2 ---------**\n\nSiemens and PKE recommend users to update to [v5.0.0 or later](<https://sivms.cloud/sivms-platform/>).\n\nSiemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:\n\n * Apply ACL/firewall configuration on the video servers to ensure only legitimate systems can access the configured server ports.\n * Harden all systems accordingly to prevent unauthorized access.\n * Consider applying encryption and authentication on the network (e.g., via TLS on application level or via IPSec on host level).\n * Disable the two FTP services of the video server.\n * The update to v5.0.2 also provides an additional authentication feature that allows users to protect access to the streaming service via individual account names and passwords for every stream recorder. Users are encouraged to configure this feature accordingly. For details, see the release notes of v5.0.2\n\n**\\--------- End Update B Part 2 of 2 ---------**\n\nAs a general security measure Siemens strongly recommends protecting network access to affected products with appropriate mechanisms. Siemens advises users to follow recommended security practices to run the devices in a protected IT environment.\n\nAdditional information on industrial security by Siemens can be found at: <https://www.siemens.com/industrialsecurity>\n\nFor more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens security advisory [SSA-844761](<https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf>) and [PKE security advisory](<https://sivms.cloud/wp-content/uploads/2021/03/sivms-cve-fixes_1.0_EN.pdf>). \n\nCISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. 
Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are [not accessible from the Internet](<https://www.us-cert.gov/ics/alerts/ICS-ALERT-10-301-01>).\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n * Exercise principles of least privilege.\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nCISA also provides a section for [control systems security recommended practices](<https://www.us-cert.gov/ics/recommended-practices>) on the ICS webpage on [us-cert.gov](<https://www.us-cert.gov/ics>). Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the [ICS webpage on us-cert.gov](<https://www.us-cert.gov/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B>).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.\n\nCISA also recommends users take the following measures to protect themselves from social engineering attacks: \n\n * Do not click web links or open unsolicited attachments in email messages. 
\n * Refer to [Recognizing and Avoiding Email Scams](<https://www.us-cert.gov/sites/default/files/publications/emailscams_0905.pdf>) for more information on avoiding email scams. \n * Refer to [Avoiding Social Engineering and Phishing Attacks](<https://www.us-cert.gov/ncas/tips/ST04-014>) for more information on social engineering attacks.\n\nNo known public exploits specifically target these vulnerabilities.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T12:00:00", "type": "ics", "title": "Siemens and PKE SiNVR/SiVMS Video Server (Update B)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19290", "CVE-2019-19291", "CVE-2019-19292", "CVE-2019-19293", "CVE-2019-19294", "CVE-2019-19295", "CVE-2019-19296", "CVE-2019-19297", "CVE-2019-19298", "CVE-2019-19299"], "modified": "2021-08-10T12:00:00", "id": "ICSA-20-070-01", "href": "https://www.cisa.gov/news-events/ics-advisories/icsa-20-070-01", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "prion": [{"lastseen": "2023-11-22T02:07:25", "description": "A vulnerability has been identified in Control Center Server (CCS) 
(All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) does not properly limit its capabilities to the specified purpose. In conjunction with CVE-2019-18341, an unauthenticated remote attacker with network access to the CCS server could exploit this vulnerability to read or delete arbitrary files, or access other resources on the same server.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-12T19:15:00", "type": "prion", "title": "Code injection", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18341", "CVE-2019-18342"], "modified": "2021-11-03T16:43:00", "id": "PRION:CVE-2019-18342", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2019-18342", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T02:08:45", "description": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). 
The web interface of the Control Center Server (CCS) contains a reflected Cross-site Scripting (XSS) vulnerability that could allow an unauthenticated remote attacker to steal sensitive data or execute administrative actions on behalf of a legitimate administrator of the CCS web interface.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2020-03-10T20:15:00", "type": "prion", "title": "Cross site scripting", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19293"], "modified": "2021-04-22T21:15:00", "id": "PRION:CVE-2019-19293", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2019-19293", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-22T02:08:47", "description": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). 
The DOWNLOADS section in the web interface of the Control Center Server (CCS) contains a path traversal vulnerability that could allow an authenticated remote attacker to access and download arbitrary files from the server where CCS is installed.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-10T20:15:00", "type": "prion", "title": "Path traversal", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19290"], "modified": "2021-04-22T21:15:00", "id": "PRION:CVE-2019-19290", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2019-19290", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-11-22T02:08:46", "description": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains multiple stored Cross-site Scripting (XSS) vulnerabilities in several input fields. 
This could allow an authenticated remote attacker to inject malicious JavaScript code into the CCS web application that is later executed in the browser context of any other user who views the relevant CCS web content.", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2020-03-10T20:15:00", "type": "prion", "title": "Cross site scripting", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19294"], "modified": "2021-04-22T21:15:00", "id": "PRION:CVE-2019-19294", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2019-19294", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2023-11-22T01:59:56", "description": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The user configuration menu in the web interface of the Control Center Server (CCS) transfers user passwords in clear to the client (browser). 
An attacker with administrative privileges for the web interface could be able to read (and not only reset) passwords of other CCS users.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-12T19:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13947"], "modified": "2021-04-22T21:15:00", "id": "PRION:CVE-2019-13947", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2019-13947", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-11-22T02:08:46", "description": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintain log files that store login credentials in cleartext. 