Action not permitted
Modal body text goes here.
CVE-2019-18339
Vulnerability from cvelistv5
▼ | URL | Tags | |
---|---|---|---|
productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf | Vendor Advisory |
▼ | Vendor | Product |
---|---|---|
Siemens | SiNVR/SiVMS Video Server |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:54:14.297Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SiNVR/SiVMS Video Server", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.0.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server\ncontains an authentication bypass vulnerability, even when properly\nconfigured with enforced authentication.\n\nA remote attacker with network access to the Video Server could \nexploit this vulnerability to read the SiVMS/SiNVR users database, including\nthe passwords of all users in obfuscated cleartext." } ], "metrics": [ { "cvssV3_1": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-306", "description": "CWE-306: Missing Authentication for Critical Function", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-09T09:56:13.407Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2019-18339", "datePublished": "2019-12-12T19:08:49", "dateReserved": "2019-10-23T00:00:00", "dateUpdated": "2024-08-05T01:54:14.297Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2019-18339\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2019-12-12T19:15:20.467\",\"lastModified\":\"2024-01-09T10:15:09.743\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server\\ncontains an authentication bypass vulnerability, even when properly\\nconfigured with enforced authentication.\\n\\nA remote attacker with network access to the Video Server could \\nexploit this vulnerability to read the SiVMS/SiNVR users database, including\\nthe passwords of all users in obfuscated cleartext.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en SiNVR/SiVMS Video Server (Todas las versiones anteriores a V5.0.0). El servicio HTTP (puerto predeterminado 5401/tcp) de SiVMS/SiNVR Video Server contiene una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n, incluso cuando est\u00e1 configurado correctamente con autenticaci\u00f3n forzada. Un atacante remoto con acceso a la red del Servidor de Video podr\u00eda explotar esta vulnerabilidad para leer la base de datos de usuarios de SiVMS/SiNVR, incluyendo las contrase\u00f1as de todos los usuarios en texto claro ofuscado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":7.5},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinvr_3_central_control_server:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16668E9A-2D0A-425E-87F4-18CFC50551D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinvr_3_video_server:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F21BB6D-BFE0-4B69-97F2-1A871A390B1E\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
icsa-19-344-02
Vulnerability from csaf_cisa
Notes
{ "document": { "acknowledgments": [ { "names": [ "Rapha\u00ebl Rigo" ], "organization": "Airbus Security Lab", "summary": "reporting these vulnerabilities to Siemens" } ], "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Disclosure is not limited", "tlp": { "label": "WHITE", "url": "https://us-cert.cisa.gov/tlp/" } }, "lang": "en-US", "notes": [ { "category": "general", "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov", "title": "CISA Disclaimer" }, { "category": "legal_disclaimer", "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", "title": "Legal Notice" }, { "category": "summary", "text": "Successful exploitation of these vulnerabilities could allow an attacker to read the SiVMS/SiNVR users database, including the passwords of all users in obfuscated cleartext and configuration files.", "title": "Risk evaluation" }, { "category": "other", "text": "Commercial Facilities", "title": "Critical infrastructure sectors" }, { "category": "other", "text": "Worldwide", "title": "Countries/areas deployed" }, { "category": "other", "text": "Germany", "title": "Company headquarters location" }, { "category": "general", "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:", "title": "Recommended Practices" }, { "category": "general", "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.", "title": "Recommended Practices" } ], "publisher": { "category": "coordinator", "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870", "name": "CISA", "namespace": "https://www.cisa.gov/" }, "references": [ { "category": "self", "summary": "ICS Advisory ICSA-19-344-02 JSON", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-344-02.json" }, { "category": "self", "summary": "ICS Advisory ICSA-19-344-02 Web Version", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-344-02" }, { "category": "external", "summary": "Recommended Practices", "url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B" } ], "title": "Siemens and PKE SiNVR, SiVMS Video Server (Update A)", "tracking": { "current_release_date": "2021-04-13T00:00:00.000000Z", "generator": { "engine": { "name": "CISA CSAF Generator", "version": "1.0.0" } }, "id": "ICSA-19-344-02", "initial_release_date": "2019-12-10T00:00:00.000000Z", "revision_history": [ { "date": "2019-12-10T00:00:00.000000Z", "legacy_version": "Initial", "number": "1", "summary": "ICSA-19-344-02 Siemens SiNVR 3" }, { "date": "2021-04-13T00:00:00.000000Z", "legacy_version": "A", "number": "2", "summary": "ICSA-19-344-02 Siemens and PKE SiNVR SiVMS Video Server (Update A)" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003e= 5.0.0 | CVE-2019-18340", "product": { "name": "SiNVR/SiVMS Video Server: v5.0.0 and later is affected by CVE-2019-18340", "product_id": "CSAFPID-0001" } } ], "category": "product_name", "name": "SiNVR/SiVMS Video Server" }, { "branches": [ { "category": "product_version", "name": "- SSA-761844 and ICSA-21-103-10", "product": { "name": "SiNVR 3 Central Control Server (CCS): all versions Moved to SSA-761844 and ICSA-21-103-10", "product_id": "CSAFPID-0002" } } ], "category": "product_name", "name": "SiNVR 3 Central Control Server (CCS)" }, { "branches": [ { "category": "product_version_range", "name": "\u003c 5.0.0", "product": { "name": "SiNVR/SiVMS Video Server: All versions prior to v5.0.0", "product_id": "CSAFPID-0003" } } ], "category": "product_name", "name": "SiNVR/SiVMS Video Server" } ], "category": "vendor", "name": "Siemens" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-18339", "cwe": { "id": "CWE-306", "name": "Missing Authentication for Critical Function" }, "notes": [ { "category": "summary", "text": "The HTTP service (default specific port) of the SiNVR 3 Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. CVE-2019-13947, CVE-2019-18337, CVE-2019-18338, CVE-2019-18341, and CVE-2019-18342 have been moved to SSA-761844 and ICSA-21-103-10.CVE-2019-18339 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003" ] }, "references": [ { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18339" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "remediations": [ { "category": "vendor_fix", "details": "Siemens recommends users to update to v5.0.0 or later.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003" ], "url": "https://sivms.cloud/sivms-platform/" }, { "category": "vendor_fix", "details": "Siemens has identified the following specific workarounds and mitigations that users can apply to reduce the risk:", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003" ] }, { "category": "vendor_fix", "details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens \u0027 operational guidelines for industrial security and to following the recommendations in the product manuals.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003" ] }, { "category": "vendor_fix", "details": "Additional information on industrial security by Siemens can be found at:https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003" ], "url": "https://www.siemens.com/industrialsecurity" }, { "category": "vendor_fix", "details": "For more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens security advisory SSA-761617 and the PKE security advisory.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003" ], "url": "https://sivms.cloud/wp-content/uploads/2021/03/sivms-cve-fixes_1.0_EN.pdf" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003" ] } ] }, { "cve": "CVE-2019-18340", "cwe": { "id": "CWE-261", "name": "Weak Encoding for Password" }, "notes": [ { "category": "summary", "text": "Both the SiNVR 3 Video Server and the CCS store user and device passwords by applying weak cryptography. CVE-2019-18340 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).. --------- End Update A Part 4 of 6 ---------CVE-2019-18340 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003" ] }, "references": [ { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18340" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "remediations": [ { "category": "vendor_fix", "details": "Siemens recommends users to update to v5.0.0 or later.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003" ], "url": "https://sivms.cloud/sivms-platform/" }, { "category": "vendor_fix", "details": "Siemens has identified the following specific workarounds and mitigations that users can apply to reduce the risk:", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003" ] }, { "category": "vendor_fix", "details": "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens \u0027 operational guidelines for industrial security and to following the recommendations in the product manuals.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003" ] }, { "category": "vendor_fix", "details": "Additional information on industrial security by Siemens can be found at:https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003" ], "url": "https://www.siemens.com/industrialsecurity" }, { "category": "vendor_fix", "details": "For more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens security advisory SSA-761617 and the PKE security advisory.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003" ], "url": "https://sivms.cloud/wp-content/uploads/2021/03/sivms-cve-fixes_1.0_EN.pdf" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003" ] } ] } ] }
ssa-761617
Vulnerability from csaf_siemens
Notes
{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)", "tlp": { "label": "WHITE" } }, "lang": "en", "notes": [ { "category": "summary", "text": "The Video Server application in SiNVR/SiVMS solutions contains two vulnerabilities\ninvolving authentication bypass (CVE-2019-18339) and information disclosure (CVE-2019-18340).\n\nPKE has released an update of the application that fixes CVE-2019-18339.\nThis update is not available under the former Siemens OEM brand name SiNVR. For details contact PKE (\nhttps://pke.at/).\nSiemens recommends specific countermeasures to mitigate the vulnerabilities.", "title": "Summary" }, { "category": "general", "text": "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", "title": "General Recommendations" }, { "category": "general", "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", "title": "Additional Resources" }, { "category": "legal_disclaimer", "text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "productcert@siemens.com", "name": "Siemens ProductCERT", "namespace": "https://www.siemens.com" }, "references": [ { "category": "self", "summary": "SSA-761617: Authentication Bypass and Information Disclosure Vulnerabilities in SiNVR/SiVMS Video Server - HTML Version", "url": "https://cert-portal.siemens.com/productcert/html/ssa-761617.html" }, { "category": "self", "summary": "SSA-761617: Authentication Bypass and Information Disclosure Vulnerabilities in SiNVR/SiVMS Video Server - CSAF Version", "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-761617.json" }, { "category": "self", "summary": "SSA-761617: Authentication Bypass and Information Disclosure Vulnerabilities in SiNVR/SiVMS Video Server - PDF Version", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf" }, { "category": "self", "summary": "SSA-761617: Authentication Bypass and Information Disclosure Vulnerabilities in SiNVR/SiVMS Video Server - TXT Version", "url": "https://cert-portal.siemens.com/productcert/txt/ssa-761617.txt" } ], "title": "SSA-761617: Authentication Bypass and Information Disclosure Vulnerabilities in SiNVR/SiVMS Video Server", "tracking": { "current_release_date": "2024-01-09T00:00:00Z", "generator": { "engine": { "name": "Siemens ProductCERT CSAF Generator", "version": "1" } }, "id": "SSA-761617", "initial_release_date": "2019-12-10T00:00:00Z", "revision_history": [ { "date": "2019-12-10T00:00:00Z", "legacy_version": "1.0", "number": "1", "summary": "Publication Date" }, { "date": "2021-04-13T00:00:00Z", "legacy_version": "1.1", "number": "2", "summary": "Added partial solution for SiNVR/SiVMS Video Server; removed information for Control Center Server (CCS), which is now addressed in SSA-761844" }, { "date": "2024-01-09T00:00:00Z", "legacy_version": "1.2", "number": "3", "summary": "Cleanup: removed orphaned links to vendor advisories and software downloads" } ], "status": "interim", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003cV5.0.0", "product": { "name": "SiNVR/SiVMS Video Server", "product_id": "1" } }, { "category": "product_version_range", "name": "\u003e=V5.0.0", "product": { "name": "SiNVR/SiVMS Video Server", "product_id": "2" } } ], "category": "product_name", "name": "SiNVR/SiVMS Video Server" } ], "category": "vendor", "name": "Siemens" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-18339", "cwe": { "id": "CWE-306", "name": "Missing Authentication for Critical Function" }, "notes": [ { "category": "summary", "text": "The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server\ncontains an authentication bypass vulnerability, even when properly\nconfigured with enforced authentication.\n\nA remote attacker with network access to the Video Server could \nexploit this vulnerability to read the SiVMS/SiNVR users database, including\nthe passwords of all users in obfuscated cleartext.\n", "title": "Summary" } ], "product_status": { "known_affected": [ "1" ] }, "remediations": [ { "category": "mitigation", "details": "Apply ACL/firewall configuration on the Video Servers to ensure that only legitimate systems are able to access the configured server ports. Harden all systems accordingly to prevent unauthorized access", "product_ids": [ "1" ] }, { "category": "mitigation", "details": "CVE-2019-18339: SiNVR/SiVMS deployments with active Control Center Server (CCS) should ensure that every video server and client has the Authorization Server set to \"Control Center Server\" (Configuration -\u003e Appearance -\u003e Desktop -\u003e Authorization Server)", "product_ids": [ "1" ] }, { "category": "vendor_fix", "details": "Update to V5.0.0 or later version", "product_ids": [ "1" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C", "version": "3.1" }, "products": [ "1" ] } ], "title": "CVE-2019-18339" }, { "cve": "CVE-2019-18340", "cwe": { "id": "CWE-327", "name": "Use of a Broken or Risky Cryptographic Algorithm" }, "notes": [ { "category": "summary", "text": "Both the SiVMS/SiNVR Video Server and the Control Center Server (CCS) store\nuser and device passwords by applying weak cryptography.\n\nA local attacker could exploit this vulnerability to extract\nthe passwords from the user database and/or the device configuration files\nto conduct further attacks.\n", "title": "Summary" } ], "product_status": { "known_affected": [ "1", "2" ] }, "remediations": [ { "category": "mitigation", "details": "Apply ACL/firewall configuration on the Video Servers to ensure that only legitimate systems are able to access the configured server ports. Harden all systems accordingly to prevent unauthorized access", "product_ids": [ "1", "2" ] }, { "category": "mitigation", "details": "CVE-2019-18340: Harden the Video Servers to prevent local access by unauthorized users", "product_ids": [ "1", "2" ] }, { "category": "no_fix_planned", "details": "Currently no fix is planned", "product_ids": [ "2" ] }, { "category": "vendor_fix", "details": "Update to V5.0.0 or later version", "product_ids": [ "1" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:U/RC:C", "version": "3.1" }, "products": [ "1", "2" ] } ], "title": "CVE-2019-18340" } ] }
var-201912-1243
Vulnerability from variot
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication.
A remote attacker with network access to the Video Server could exploit this vulnerability to read the SiVMS/SiNVR users database, including the passwords of all users in obfuscated cleartext. SiNVR 3 Central Control Server (CCS) and Video Server Is vulnerable to a lack of authentication for critical functions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SiNVR is the Siemens OEM version of SiVMS, a video management solution acquired by PKE Deutsch land gmmbH and previously distributed by Schille Informationssysteme gmmbH
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201912-1243", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "sinvr 3 central control server", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinvr 3 video server", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinvr 3 central control server", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinvr 3 video server", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinvr video server", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "3" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinvr 3 central control server", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinvr 3 video server", "version": "*" } ], "sources": [ { "db": "IVD", "id": "de4d8759-019c-495d-9ec9-b161d4ea4f56" }, { "db": "CNVD", "id": "CNVD-2019-44756" }, { "db": "JVNDB", "id": "JVNDB-2019-013205" }, { "db": "NVD", "id": "CVE-2019-18339" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:sinvr_3_central_control_server:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sinvr_3_video_server:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-18339" } ] }, "cve": "CVE-2019-18339", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2019-18339", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2019-44756", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "de4d8759-019c-495d-9ec9-b161d4ea4f56", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-18339", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-18339", "trust": 1.8, "value": "CRITICAL" }, { "author": "productcert@siemens.com", "id": "CVE-2019-18339", "trust": 1.0, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2019-44756", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201912-425", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "de4d8759-019c-495d-9ec9-b161d4ea4f56", "trust": 0.2, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "de4d8759-019c-495d-9ec9-b161d4ea4f56" }, { "db": "CNVD", "id": "CNVD-2019-44756" }, { "db": "JVNDB", "id": "JVNDB-2019-013205" }, { "db": "CNNVD", "id": "CNNVD-201912-425" }, { "db": "NVD", "id": "CVE-2019-18339" }, { "db": "NVD", "id": "CVE-2019-18339" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server\ncontains an authentication bypass vulnerability, even when properly\nconfigured with enforced authentication. \n\nA remote attacker with network access to the Video Server could \nexploit this vulnerability to read the SiVMS/SiNVR users database, including\nthe passwords of all users in obfuscated cleartext. SiNVR 3 Central Control Server (CCS) and Video Server Is vulnerable to a lack of authentication for critical functions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SiNVR is the Siemens OEM version of SiVMS, a video management solution acquired by PKE Deutsch land gmmbH and previously distributed by Schille Informationssysteme gmmbH", "sources": [ { "db": "NVD", "id": "CVE-2019-18339" }, { "db": "JVNDB", "id": "JVNDB-2019-013205" }, { "db": "CNVD", "id": "CNVD-2019-44756" }, { "db": "IVD", "id": "de4d8759-019c-495d-9ec9-b161d4ea4f56" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-18339", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-761617", "trust": 2.2 }, { "db": "ICS CERT", "id": "ICSA-19-344-02", "trust": 1.4 }, { "db": "CNVD", "id": "CNVD-2019-44756", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201912-425", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-013205", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-19-344-01", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4625", "trust": 0.6 }, { "db": "IVD", "id": "DE4D8759-019C-495D-9EC9-B161D4EA4F56", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "de4d8759-019c-495d-9ec9-b161d4ea4f56" }, { "db": "CNVD", "id": "CNVD-2019-44756" }, { "db": "JVNDB", "id": "JVNDB-2019-013205" }, { "db": "CNNVD", "id": "CNNVD-201912-425" }, { "db": "NVD", "id": "CVE-2019-18339" } ] }, "id": "VAR-201912-1243", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "de4d8759-019c-495d-9ec9-b161d4ea4f56" }, { "db": "CNVD", "id": "CNVD-2019-44756" } ], "trust": 1.454873825 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "de4d8759-019c-495d-9ec9-b161d4ea4f56" }, { "db": "CNVD", "id": "CNVD-2019-44756" } ] }, "last_update_date": "2024-01-17T18:39:33.867000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-761617", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf" }, { "title": "Patch for Siemens SiNVR 3 Video Server Authentication Bypass Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/193673" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-44756" }, { "db": "JVNDB", "id": "JVNDB-2019-013205" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-306", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013205" }, { "db": "NVD", "id": "CVE-2019-18339" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf" }, { "trust": 1.4, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-344-02" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18339" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18339" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4625/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-19-344-02" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-344-01" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-44756" }, { "db": "JVNDB", "id": "JVNDB-2019-013205" }, { "db": "CNNVD", "id": "CNNVD-201912-425" }, { "db": "NVD", "id": "CVE-2019-18339" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "de4d8759-019c-495d-9ec9-b161d4ea4f56" }, { "db": "CNVD", "id": "CNVD-2019-44756" }, { "db": "JVNDB", "id": "JVNDB-2019-013205" }, { "db": "CNNVD", "id": "CNNVD-201912-425" }, { "db": "NVD", "id": "CVE-2019-18339" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-12-11T00:00:00", "db": "IVD", "id": "de4d8759-019c-495d-9ec9-b161d4ea4f56" }, { "date": "2019-12-11T00:00:00", "db": "CNVD", "id": "CNVD-2019-44756" }, { "date": "2019-12-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-013205" }, { "date": "2019-12-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201912-425" }, { "date": "2019-12-12T19:15:20.467000", "db": "NVD", "id": "CVE-2019-18339" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-12-11T00:00:00", "db": "CNVD", "id": "CNVD-2019-44756" }, { "date": "2019-12-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-013205" }, { "date": "2021-04-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201912-425" }, { "date": "2024-01-09T10:15:09.743000", "db": "NVD", "id": "CVE-2019-18339" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201912-425" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens SiNVR 3 Video Server Authentication Bypass Vulnerability", "sources": [ { "db": "IVD", "id": "de4d8759-019c-495d-9ec9-b161d4ea4f56" }, { "db": "CNVD", "id": "CNVD-2019-44756" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "access control error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201912-425" } ], "trust": 0.6 } }
gsd-2019-18339
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2019-18339", "description": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. A remote attacker with network access to the Video Server could exploit this vulnerability to read the SiVMS/SiNVR users database, including the passwords of all users in obfuscated cleartext.", "id": "GSD-2019-18339" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2019-18339" ], "details": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. A remote attacker with network access to the Video Server could exploit this vulnerability to read the SiVMS/SiNVR users database, including the passwords of all users in obfuscated cleartext.", "id": "GSD-2019-18339", "modified": "2023-12-13T01:23:50.504761Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2019-18339", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SiNVR/SiVMS Video Server", "version": { "version_data": [ { "version_affected": "=", "version_value": "All versions \u003c V5.0.0" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server\ncontains an authentication bypass vulnerability, even when properly\nconfigured with enforced authentication.\n\nA remote attacker with network access to the Video Server could \nexploit this vulnerability to read the SiVMS/SiNVR users database, including\nthe passwords of all users in obfuscated cleartext." } ] }, "impact": { "cvss": [ { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-306", "lang": "eng", "value": "CWE-306: Missing Authentication for Critical Function" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf" } ] } }, "nvd.nist.gov": { "cve": { "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:siemens:sinvr_3_central_control_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "16668E9A-2D0A-425E-87F4-18CFC50551D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:siemens:sinvr_3_video_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F21BB6D-BFE0-4B69-97F2-1A871A390B1E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server\ncontains an authentication bypass vulnerability, even when properly\nconfigured with enforced authentication.\n\nA remote attacker with network access to the Video Server could \nexploit this vulnerability to read the SiVMS/SiNVR users database, including\nthe passwords of all users in obfuscated cleartext." }, { "lang": "es", "value": "Se ha identificado una vulnerabilidad en SiNVR/SiVMS Video Server (Todas las versiones anteriores a V5.0.0). El servicio HTTP (puerto predeterminado 5401/tcp) de SiVMS/SiNVR Video Server contiene una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n, incluso cuando est\u00e1 configurado correctamente con autenticaci\u00f3n forzada. Un atacante remoto con acceso a la red del Servidor de Video podr\u00eda explotar esta vulnerabilidad para leer la base de datos de usuarios de SiVMS/SiNVR, incluyendo las contrase\u00f1as de todos los usuarios en texto claro ofuscado." } ], "id": "CVE-2019-18339", "lastModified": "2024-01-09T10:15:09.743", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "productcert@siemens.com", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Secondary" } ] }, "published": "2019-12-12T19:15:20.467", "references": [ { "source": "productcert@siemens.com", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf" } ], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-306" } ], "source": "productcert@siemens.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-306" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] } } } }
ghsa-372q-jmw9-5mw6
Vulnerability from github
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The HTTP service (default port 5401/tcp) of the SiNVR 3 Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. A remote attacker with network access to the Video Server could exploit this vulnerability to read the SiNVR users database, including the passwords of all users in obfuscated cleartext.
{ "affected": [], "aliases": [ "CVE-2019-18339" ], "database_specific": { "cwe_ids": [ "CWE-306" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2019-12-12T19:15:00Z", "severity": "CRITICAL" }, "details": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The HTTP service (default port 5401/tcp) of the SiNVR 3 Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. A remote attacker with network access to the Video Server could exploit this vulnerability to read the SiNVR users database, including the passwords of all users in obfuscated cleartext.", "id": "GHSA-372q-jmw9-5mw6", "modified": "2024-01-09T12:30:34Z", "published": "2022-05-24T17:03:29Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18339" }, { "type": "WEB", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.