82 matches found
CVE-2019-19294
A vulnerability has been identified in Control Center Server CCS All versions V1.5.0. The web interface of the Control Center Server CCS contains multiple stored Cross-site Scripting XSS vulnerabilities in several input fields. This could allow an authenticated remote attacker to inject malicious...
CVE-2019-19295
A vulnerability has been identified in Control Center Server CCS All versions V1.5.0. The Control Center Server CCS does not enforce logging of security-relevant activities in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote...
CVE-2019-19293
A vulnerability has been identified in Control Center Server CCS All versions V1.5.0. The web interface of the Control Center Server CCS contains a reflected Cross-site Scripting XSS vulnerability that could allow an unauthenticated remote attacker to steal sensitive data or execute administrativ...
CVE-2019-19292
A vulnerability has been identified in Control Center Server CCS All versions V1.5.0. The Control Center Server CCS contains an SQL injection vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit...
CVE-2019-19290
CVE-2019-19290 affects Siemens/SINVR CCS (Control Center Server) prior to v1.5.0. A path traversal vulnerability in the CCS web interface DOWNLOADS area could allow an authenticated remote attacker to access/download arbitrary server files. The issue is explicitly tied to CCS versions
CVE-2019-19290
A vulnerability has been identified in Control Center Server CCS All versions V1.5.0. The DOWNLOADS section in the web interface of the Control Center Server CCS contains a path traversal vulnerability that could allow an authenticated remote attacker to access and download arbitrary files from t...
CVE-2019-19295
Summary of CVE-2019-19295 (CVE List entry): The vulnerability affects Siemens/Sinogram CCS (Control Center Server) prior to v1.5.0, where the XML-based communication protocol on ports 5444/tcp and 5440/tcp does not enforce logging of security-relevant activities by default. An authenticated remot...
CVE-2019-19292
CVE-2019-19292 affects Siemens CCS (Control Center Server): SQL injection in the XML-based protocol on ports 5444/TCP and 5440/TCP affecting all CCS versions before v1.5.0. An authenticated remote attacker could read/modify the CCS database and potentially perform administrative database operatio...
CVE-2019-19291
CVE-2019-19291 affects Siemens CCS and SiNVR/SiVMS Video Server. The FTP services store login credentials in cleartext in log files, enabling authenticated remote attackers to extract credentials when FTP is enabled. Affected: CCS before v1.5.0 and Video Server before v5.0.0. Mitigation: upgrade ...
PT-2020-2446 · Unknown · Control Center Server
Name of the Vulnerable Software and Affected Versions: Control Center Server CCS versions prior to V1.5.0 Description: A stored Cross-site Scripting XSS vulnerability has been identified in the web interface of the Control Center Server CCS. This issue is related to the lack of input data...
PT-2020-2443 · Siemens · Control Center Server +1
Name of the Vulnerable Software and Affected Versions: Control Center Server CCS versions prior to V1.5.0 SiNVR/SiVMS Video Server versions prior to V5.0.0 Description: A vulnerability has been identified where the FTP services of the SiVMS/SiNVR Video Server and the Control Center Server CCS...
PT-2020-2445 · Unknown · Control Center Server +2
Name of the Vulnerable Software and Affected Versions: Control Center Server CCS versions prior to V1.5.0 SiNVR 3 Central Control Server all versions SiNVR 3 Video Server all versions Description: A reflected Cross-site Scripting XSS vulnerability has been identified in the web interface of the...
PT-2020-2447 · Sinvr · Sinvr 3 Central Control Server +2
Name of the Vulnerable Software and Affected Versions: Control Center Server CCS versions prior to V1.5.0 SiNVR 3 Central Control Server all versions SiNVR 3 Video Server all versions Description: A vulnerability has been identified in the Control Center Server CCS and SiNVR 3 Central Control...
CVE-2019-18340
A vulnerability has been identified in Control Center Server CCS All versions = V1.5.0, SiNVR/SiVMS Video Server All versions = V5.0.0. Both the SiVMS/SiNVR Video Server and the Control Center Server CCS store user and device passwords by applying weak cryptography. A local attacker could exploit...
CVE-2019-18342
A vulnerability has been identified in Control Center Server CCS All versions V1.5.0. The SFTP service default port 22/tcp of the Control Center Server CCS does not properly limit its capabilities to the specified purpose. In conjunction with CVE-2019-18341, an unauthenticated remote attacker wit...
CVE-2019-18337
A vulnerability has been identified in Control Center Server CCS All versions V1.5.0. The Control Center Server CCS contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. A remote attacker with network access ...
CVE-2019-18341
A vulnerability has been identified in Control Center Server CCS All versions V1.5.0. The SFTP service default port 22/tcp of the Control Center Server CCS contains an authentication bypass vulnerability. A remote attacker with network access to the CCS server could exploit this vulnerability to...
CVE-2019-18338
A vulnerability has been identified in Control Center Server CCS All versions V1.5.0. The Control Center Server CCS contains a directory traversal vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker with...
CVE-2019-18342
A vulnerability has been identified in Control Center Server CCS All versions V1.5.0. The SFTP service default port 22/tcp of the Control Center Server CCS does not properly limit its capabilities to the specified purpose. In conjunction with CVE-2019-18341, an unauthenticated remote attacker wit...
CVE-2019-13947
A vulnerability has been identified in Control Center Server CCS All versions V1.5.0. The user configuration menu in the web interface of the Control Center Server CCS transfers user passwords in clear to the client browser. An attacker with administrative privileges for the web interface could b...