Vulnerability Description
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. A remote attacker with network access to the CCS server could exploit this vulnerability to read the CCS users database, including the passwords of all users in obfuscated cleartext.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Sinvr 3 Central Control Server | All versions |
| Siemens | Sinvr 3 Video Server | All versions |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdfVendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdfVendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf
FAQ
What is CVE-2019-18337?
CVE-2019-18337 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an authentication bypass vulnerability in its XML-based communicati...
How severe is CVE-2019-18337?
CVE-2019-18337 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-18337?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Sinvr 3 Central Control Server, Siemens Sinvr 3 Video Server.