CVE-2019-13947 vulnerability in Siemens Products
Published on December 12, 2019
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The user configuration menu in the web interface of the Control Center Server (CCS) transfers user passwords in clear to the client (browser). An attacker with administrative privileges for the web interface could be able to read (and not only reset) passwords of other CCS users.
Weakness Type
Cleartext Storage of Sensitive Information in GUI
The application stores sensitive information in cleartext within the GUI. An attacker can often obtain data from a GUI, even if hidden, by using an API to directly access GUI objects such as windows and menus. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.
Products Associated with CVE-2019-13947
stack.watch emails you whenever new vulnerabilities are published in Siemens Sinvr 3 Central Control Server or Siemens Sinvr 3 Video Server. Just hit a watch button to start following.
Affected Versions
Siemens Control Center Server (CCS) Version All versions < V1.5.0 is affected by CVE-2019-13947Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.