All the vulnerabilites related to Siemens - SiNVR/SiVMS Video Server
cve-2019-19299
Vulnerability from cvelistv5
Published
2020-03-10 19:16
Modified
2024-08-05 02:16
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0 < V5.0.2), SiNVR/SiVMS Video Server (All versions >= V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server
applies weak cryptography when exposing device (camera) passwords.
This could allow an unauthenticated remote attacker to read and decrypt
the passwords and conduct further attacks.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:46.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SiNVR/SiVMS Video Server",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.0.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SiNVR/SiVMS Video Server",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V5.0.0 \u003c V5.0.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SiNVR/SiVMS Video Server",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0), SiNVR/SiVMS Video Server (All versions \u003e= V5.0.0 \u003c V5.0.2), SiNVR/SiVMS Video Server (All versions \u003e= V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\napplies weak cryptography when exposing device (camera) passwords.\nThis could allow an unauthenticated remote attacker to read and decrypt\nthe passwords and conduct further attacks."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "CWE-326: Inadequate Encryption Strength",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T09:56:29.166Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-19299",
"datePublished": "2020-03-10T19:16:17",
"dateReserved": "2019-11-26T00:00:00",
"dateUpdated": "2024-08-05T02:16:46.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-19297
Vulnerability from cvelistv5
Published
2020-03-10 19:16
Modified
2024-08-05 02:09
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server
contains a path traversal vulnerability, that could allow an
unauthenticated remote attacker to access and download arbitrary files from the server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Siemens | SiNVR/SiVMS Video Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SiNVR/SiVMS Video Server",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\ncontains a path traversal vulnerability, that could allow an\nunauthenticated remote attacker to access and download arbitrary files from the server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T09:56:26.734Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-19297",
"datePublished": "2020-03-10T19:16:17",
"dateReserved": "2019-11-26T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-19298
Vulnerability from cvelistv5
Published
2020-03-10 19:16
Modified
2024-08-05 02:16
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0 < V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server
contains a input validation vulnerability, that could allow
an unauthenticated remote attacker to cause a Denial-of-Service condition
by sending malformed HTTP requests.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Siemens | SiNVR/SiVMS Video Server | |
| Siemens | SiNVR/SiVMS Video Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:46.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SiNVR/SiVMS Video Server",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.0.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SiNVR/SiVMS Video Server",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V5.0.0 \u003c V5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0), SiNVR/SiVMS Video Server (All versions \u003e= V5.0.0 \u003c V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\ncontains a input validation vulnerability, that could allow\nan unauthenticated remote attacker to cause a Denial-of-Service condition\nby sending malformed HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T09:56:27.965Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-19298",
"datePublished": "2020-03-10T19:16:17",
"dateReserved": "2019-11-26T00:00:00",
"dateUpdated": "2024-08-05T02:16:46.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-19291
Vulnerability from cvelistv5
Published
2020-03-10 19:16
Modified
2024-08-05 02:09
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintain
log files that store login credentials in cleartext.
In configurations where the FTP service is enabled, authenticated remote
attackers could extract login credentials of other users of the service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Control Center Server (CCS)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.5.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SiNVR/SiVMS Video Server",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Control Center Server (CCS) (All versions \u003c V1.5.0), SiNVR/SiVMS Video Server (All versions \u003c V5.0.0). The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintain\nlog files that store login credentials in cleartext.\nIn configurations where the FTP service is enabled, authenticated remote\nattackers could extract login credentials of other users of the service."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-313",
"description": "CWE-313: Cleartext Storage in a File or on Disk",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T09:56:19.475Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-19291",
"datePublished": "2020-03-10T19:16:17",
"dateReserved": "2019-11-26T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-18339
Vulnerability from cvelistv5
Published
2019-12-12 19:08
Modified
2024-08-05 01:54
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server
contains an authentication bypass vulnerability, even when properly
configured with enforced authentication.
A remote attacker with network access to the Video Server could
exploit this vulnerability to read the SiVMS/SiNVR users database, including
the passwords of all users in obfuscated cleartext.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Siemens | SiNVR/SiVMS Video Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SiNVR/SiVMS Video Server",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server\ncontains an authentication bypass vulnerability, even when properly\nconfigured with enforced authentication.\n\nA remote attacker with network access to the Video Server could \nexploit this vulnerability to read the SiVMS/SiNVR users database, including\nthe passwords of all users in obfuscated cleartext."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T09:56:13.407Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-18339",
"datePublished": "2019-12-12T19:08:49",
"dateReserved": "2019-10-23T00:00:00",
"dateUpdated": "2024-08-05T01:54:14.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-19296
Vulnerability from cvelistv5
Published
2020-03-10 19:16
Modified
2024-08-05 02:09
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The two FTP services (default ports 21/tcp and 5411/tcp) of the SiVMS/SiNVR Video
Server contain a path traversal vulnerability
that could allow an authenticated remote attacker to access and download
arbitrary files from the server, if the FTP services are enabled.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Siemens | SiNVR/SiVMS Video Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SiNVR/SiVMS Video Server",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0). The two FTP services (default ports 21/tcp and 5411/tcp) of the SiVMS/SiNVR Video\nServer contain a path traversal vulnerability\nthat could allow an authenticated remote attacker to access and download\narbitrary files from the server, if the FTP services are enabled."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P/RL:U/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T09:56:25.518Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-19296",
"datePublished": "2020-03-10T19:16:17",
"dateReserved": "2019-11-26T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-18340
Vulnerability from cvelistv5
Published
2019-12-12 19:08
Modified
2024-08-05 01:54
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), Control Center Server (CCS) (All versions >= V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0). Both the SiVMS/SiNVR Video Server and the Control Center Server (CCS) store
user and device passwords by applying weak cryptography.
A local attacker could exploit this vulnerability to extract
the passwords from the user database and/or the device configuration files
to conduct further attacks.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Control Center Server (CCS)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.5.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "Control Center Server (CCS)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V1.5.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SiNVR/SiVMS Video Server",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.0.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SiNVR/SiVMS Video Server",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V5.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Control Center Server (CCS) (All versions \u003c V1.5.0), Control Center Server (CCS) (All versions \u003e= V1.5.0), SiNVR/SiVMS Video Server (All versions \u003c V5.0.0), SiNVR/SiVMS Video Server (All versions \u003e= V5.0.0). Both the SiVMS/SiNVR Video Server and the Control Center Server (CCS) store\nuser and device passwords by applying weak cryptography.\n\nA local attacker could exploit this vulnerability to extract\nthe passwords from the user database and/or the device configuration files\nto conduct further attacks."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:U/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T09:56:14.606Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-18340",
"datePublished": "2019-12-12T19:08:49",
"dateReserved": "2019-10-23T00:00:00",
"dateUpdated": "2024-08-05T01:54:14.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}