Sinvr 3 Central Control Server
CVE-2019-18338
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Primary rating from Vendor (siemens) · only source for this CVE.
CVSS VectorVendor: siemens
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains a directory traversal vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp.
An authenticated remote attacker with network access to the CCS server could exploit this vulnerability to list arbitrary directories or read files outside of the CCS application context.
AnalysisAI
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-23. A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains a directory traversal vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker with network access to the CCS server could exploit this vulnerability to list arbitrary directories or read files outside of the CCS application context. Affected products include: Siemens Sinvr 3 Central Control Server, Siemens Sinvr 3 Video Server.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). Rated critical severity (CVSS 9
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). Rated critical severity (CVS
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), Control Center Server (CCS)
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). Rated medium severity (CVSS
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). Rated medium severity (CVSS
Same weakness CWE-23 – Relative Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today