CVE-2019-19291
Last modified
CVE-2019-19291 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintain log files that store login credentials in cleartext. In configurations where the FTP service is enabled, authenticated remote attackers could extract login credentials of other users of the service.. EPSS estimates a 0.75% chance of exploitation in the next 30 days.
Description
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintain log files that store login credentials in cleartext. In configurations where the FTP service is enabled, authenticated remote attackers could extract login credentials of other users of the service.
Metrics
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Sinvr 3 Central Control Server | All versions |
| Siemens | Sinvr 3 Video Server | All versions |
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdfMitigation, Vendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdfMitigation, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-19291?
How severe is CVE-2019-19291?
How do I fix CVE-2019-19291?
Are you affected by CVE-2019-19291?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST