Vulnerability Description
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The two FTP services (default ports 21/tcp and 5411/tcp) of the SiVMS/SiNVR Video Server contain a path traversal vulnerability that could allow an authenticated remote attacker to access and download arbitrary files from the server, if the FTP services are enabled.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Sinvr 3 Central Control Server | All versions |
| Siemens | Sinvr 3 Video Server | All versions |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdfVendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdfVendor Advisory
FAQ
What is CVE-2019-19296?
CVE-2019-19296 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The two FTP services (default ports 21/tcp and 5411/tcp) of the SiVMS/SiNVR Video Server contain a path travers...
How severe is CVE-2019-19296?
CVE-2019-19296 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-19296?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Sinvr 3 Central Control Server, Siemens Sinvr 3 Video Server.