Siemens Sinvr 3 Central Control Server

By the Year

In 2024 there have been 0 vulnerabilities in Siemens Sinvr 3 Central Control Server. Sinvr 3 Central Control Server did not have any published security vulnerabilities last year.

Year | Vulnerabilities | Average Score
2024 | 0 | 0.00
2023 | 0 | 0.00
2022 | 0 | 0.00
2021 | 0 | 0.00
2020 | 10 | 6.66
2019 | 7 | 7.56
2018 | 0 | 0.00

It may take a day or so for new Sinvr 3 Central Control Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Siemens Sinvr 3 Central Control Server Security Vulnerabilities

CVE-2019-19291 5.3 - Medium - March 10, 2020

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintain log files that store login credentials in cleartext. In configurations where the FTP service is enabled, authenticated remote attackers could extract login credentials of other users of the service.

Cleartext Storage in a File or on Disk

CVE-2019-19299 7.5 - High - March 10, 2020

A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0 < V5.0.2), SiNVR/SiVMS Video Server (All versions >= V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server applies weak cryptography when exposing device (camera) passwords. This could allow an unauthenticated remote attacker to read and decrypt the passwords and conduct further attacks.

Inadequate Encryption Strength

CVE-2019-19298 7.5 - High - March 10, 2020

A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0 < V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server contains an input validation vulnerability that could allow an unauthenticated remote attacker to cause a Denial-of-Service condition by sending malformed HTTP requests.

Improper Input Validation

CVE-2019-19297 7.5 - High - March 10, 2020

A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server contains a path traversal vulnerability that could allow an unauthenticated remote attacker to access and download arbitrary files from the server.

Directory traversal

CVE-2019-19296 6.8 - Medium - March 10, 2020

A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The two FTP services (default ports 21/tcp and 5411/tcp) of the SiVMS/SiNVR Video Server contain a path traversal vulnerability that could allow an authenticated remote attacker to access and download arbitrary files from the server, if the FTP services are enabled.

Directory traversal

CVE-2019-19295 4.3 - Medium - March 10, 2020

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) does not enforce logging of security-relevant activities in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to perform covert actions that are not visible in the application log.

Insufficient Logging

CVE-2019-19294 6.3 - Medium - March 10, 2020

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains multiple stored Cross-site Scripting (XSS) vulnerabilities in several input fields. This could allow an authenticated remote attacker to inject malicious JavaScript code into the CCS web application that is later executed in the browser context of any other user who views the relevant CCS web content.

XSS

CVE-2019-19293 6.1 - Medium - March 10, 2020

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains a reflected Cross-site Scripting (XSS) vulnerability that could allow an unauthenticated remote attacker to steal sensitive data or execute administrative actions on behalf of a legitimate administrator of the CCS web interface.

XSS

CVE-2019-19292 8.8 - High - March 10, 2020

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an SQL injection vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to read or modify the CCS database and potentially execute administrative database operations or operating system commands.

SQL Injection

CVE-2019-19290 6.5 - Medium - March 10, 2020

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The DOWNLOADS section in the web interface of the Control Center Server (CCS) contains a path traversal vulnerability that could allow an authenticated remote attacker to access and download arbitrary files from the server where CCS is installed.

Directory traversal

CVE-2019-13947 4.9 - Medium - December 12, 2019

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The user configuration menu in the web interface of the Control Center Server (CCS) transfers user passwords in cleartext to the client (browser). An attacker with administrative privileges for the web interface could be able to read (and not only reset) passwords of other CCS users.

Cleartext Storage of Sensitive Information in GUI

CVE-2019-18342 9.9 - Critical - December 12, 2019

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) does not properly limit its capabilities to the specified purpose. In conjunction with CVE-2019-18341, an unauthenticated remote attacker with network access to the CCS server could exploit this vulnerability to read or delete arbitrary files, or access other resources on the same server.

CVE-2019-18341 5.3 - Medium - December 12, 2019

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) contains an authentication bypass vulnerability. A remote attacker with network access to the CCS server could exploit this vulnerability to read data from the EDIR directory (for example, the list of all configured stations).

Authentication

CVE-2019-18340 5.5 - Medium - December 12, 2019

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), Control Center Server (CCS) (All versions >= V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0). Both the SiVMS/SiNVR Video Server and the Control Center Server (CCS) store user and device passwords by applying weak cryptography. A local attacker could exploit this vulnerability to extract the passwords from the user database and/or the device configuration files to conduct further attacks.

Use of a Broken or Risky Cryptographic Algorithm

CVE-2019-18339 9.8 - Critical - December 12, 2019

A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. A remote attacker with network access to the Video Server could exploit this vulnerability to read the SiVMS/SiNVR users database, including the passwords of all users in obfuscated cleartext.

Missing Authentication for Critical Function

CVE-2019-18338 7.7 - High - December 12, 2019

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains a directory traversal vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker with network access to the CCS server could exploit this vulnerability to list arbitrary directories or read files outside of the CCS application context.

Relative Path Traversal

CVE-2019-18337 9.8 - Critical - December 12, 2019

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. A remote attacker with network access to the CCS server could exploit this vulnerability to read the CCS users database, including the passwords of all users in obfuscated cleartext.

Authentication
