CRITICAL🇬🇧 English

CVE-2019-18337

CVSS 9.8v3.1pub. 2019-12-12upd. 2024-11-21

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. A remote attacker with network access to the CCS server could exploit this vulnerability to read the CCS users database, including the passwords of all users in obfuscated cleartext.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Siemens Sinvr 3 Central Control Server

    APP
    Siemens
    wszystkie wersje
  • Siemens Sinvr 3 Video Server

    APP
    Siemens
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2019-18339CRITICAL9.8ten sam produkt

A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The HTTP service (def...

CVE-2019-19292HIGH8.8ten sam produkt

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center...

CVE-2019-19297HIGH7.5ten sam produkt

A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The streaming service...

CVE-2019-18338HIGH7.7ten sam produkt

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center...

CVE-2019-19290MEDIUM6.5ten sam produkt

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The DOWNLOADS sect...