CVE-2019-19291 vulnerability in Siemens Products
Published on March 10, 2020
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintain log files that store login credentials in cleartext. In configurations where the FTP service is enabled, authenticated remote attackers could extract login credentials of other users of the service.
Weakness Type
Cleartext Storage in a File or on Disk
The application stores sensitive information in cleartext in a file, or on disk. The sensitive information could be read by attackers with access to the file, or with physical or administrator access to the raw disk. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.
Products Associated with CVE-2019-19291
Want to know whenever a new CVE is published for Siemens products? stack.watch will email you.
Affected Versions
Siemens Control Center Server (CCS):- Version All versions < V1.5.0 is affected.
- Version All versions < V5.0.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.