Vulnerability Description
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains multiple stored Cross-site Scripting (XSS) vulnerabilities in several input fields. This could allow an authenticated remote attacker to inject malicious JavaScript code into the CCS web application that is later executed in the browser context of any other user who views the relevant CCS web content.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Sinvr 3 Central Control Server | All versions |
| Siemens | Sinvr 3 Video Server | All versions |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdfVendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdfVendor Advisory
FAQ
What is CVE-2019-19294?
CVE-2019-19294 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains multiple stored Cross-site Scripting (XSS) vul...
How severe is CVE-2019-19294?
CVE-2019-19294 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-19294?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Sinvr 3 Central Control Server, Siemens Sinvr 3 Video Server.