Vulnerability Description
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) contains an authentication bypass vulnerability. A remote attacker with network access to the CCS server could exploit this vulnerability to read data from the EDIR directory (for example, the list of all configured stations).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Sinvr 3 Central Control Server | All versions |
| Siemens | Sinvr 3 Video Server | All versions |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdfVendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdfVendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf
FAQ
What is CVE-2019-18341?
CVE-2019-18341 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) contains an authentication bypass ...
How severe is CVE-2019-18341?
CVE-2019-18341 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-18341?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Sinvr 3 Central Control Server, Siemens Sinvr 3 Video Server.