Vulnerability Description
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintain log files that store login credentials in cleartext. In configurations where the FTP service is enabled, authenticated remote attackers could extract login credentials of other users of the service.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Sinvr 3 Central Control Server | All versions |
| Siemens | Sinvr 3 Video Server | All versions |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdfMitigationVendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdfMitigationVendor Advisory
FAQ
What is CVE-2019-19291?
CVE-2019-19291 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). The FTP services of the SiVMS/SiNVR Video Server and the C...
How severe is CVE-2019-19291?
CVE-2019-19291 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-19291?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Sinvr 3 Central Control Server, Siemens Sinvr 3 Video Server.