Sinvr 3 Central Control Server
CVE-2019-18340
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from Vendor (siemens) · only source for this CVE.
CVSS VectorVendor: siemens
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), Control Center Server (CCS) (All versions >= V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0). Both the SiVMS/SiNVR Video Server and the Control Center Server (CCS) store user and device passwords by applying weak cryptography.
A local attacker could exploit this vulnerability to extract the passwords from the user database and/or the device configuration files to conduct further attacks.
AnalysisAI
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), Control Center Server (CCS) (All versions >= V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0),. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-327. A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), Control Center Server (CCS) (All versions >= V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0). Both the SiVMS/SiNVR Video Server and the Control Center Server (CCS) store user and device passwords by applying weak cryptography. A local attacker could exploit this vulnerability to extract the passwords from the user database and/or the device configuration files to conduct further attacks. Affected products include: Siemens Sinvr 3 Central Control Server, Siemens Sinvr 3 Video Server.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). Rated critical severity (CVSS 9
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). Rated critical severity (CVS
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). Rated high severity (CVSS 7.
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). Rated medium severity (CVSS
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). Rated medium severity (CVSS
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today