ssa-844761
Vulnerability from csaf_siemens
Published
2020-03-10 00:00
Modified
2024-01-09 00:00
Summary
SSA-844761: Multiple Vulnerabilities in SiNVR/SiVMS Video Server

Notes

Summary
The Video Server application in SiNVR/SiVMS solutions contains five vulnerabilities involving information disclosure (CVE-2019-19291, CVE-2019-19299), path traversal (CVE-2019-19296, CVE-2019-19297), and denial-of-service (CVE-2019-19298). PKE has released updates of the application that fixes the reported vulnerabilities, except for CVE-2019-19299. This update is not available under the former Siemens OEM brand name SiNVR. For details contact PKE ( https://pke.at/).
General Recommendations
As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.


To clipboard 

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "The Video Server application in SiNVR/SiVMS solutions contains five vulnerabilities\ninvolving information disclosure (CVE-2019-19291, CVE-2019-19299),\npath traversal (CVE-2019-19296, CVE-2019-19297), and denial-of-service (CVE-2019-19298).\n\nPKE has released updates of the application that fixes the reported vulnerabilities, except for CVE-2019-19299.\nThis update is not available under the former Siemens OEM brand name SiNVR.\nFor details contact PKE (\nhttps://pke.at/).",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-844761: Multiple Vulnerabilities in SiNVR/SiVMS Video Server - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-844761.html"
      },
      {
        "category": "self",
        "summary": "SSA-844761: Multiple Vulnerabilities in SiNVR/SiVMS Video Server - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-844761.json"
      },
      {
        "category": "self",
        "summary": "SSA-844761: Multiple Vulnerabilities in SiNVR/SiVMS Video Server - PDF Version",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
      },
      {
        "category": "self",
        "summary": "SSA-844761: Multiple Vulnerabilities in SiNVR/SiVMS Video Server - TXT Version",
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-844761.txt"
      }
    ],
    "title": "SSA-844761: Multiple Vulnerabilities in SiNVR/SiVMS Video Server",
    "tracking": {
      "current_release_date": "2024-01-09T00:00:00Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-844761",
      "initial_release_date": "2020-03-10T00:00:00Z",
      "revision_history": [
        {
          "date": "2020-03-10T00:00:00Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        },
        {
          "date": "2021-04-13T00:00:00Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added partial solution for SiNVR/SiVMS Video Server; removed information for Control Center Server (CCS), which is now addressed in SSA-761844"
        },
        {
          "date": "2021-08-10T00:00:00Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Added solution for CVE-2019-19298 and related additional security hardening measures"
        },
        {
          "date": "2024-01-09T00:00:00Z",
          "legacy_version": "1.3",
          "number": "4",
          "summary": "Cleanup: removed orphaned links to vendor advisories and software downloads"
        }
      ],
      "status": "interim",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV5.0.0",
                "product": {
                  "name": "SiNVR/SiVMS Video Server",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003e=V5.0.0\u003cV5.0.2",
                "product": {
                  "name": "SiNVR/SiVMS Video Server",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003e=V5.0.2",
                "product": {
                  "name": "SiNVR/SiVMS Video Server",
                  "product_id": "3"
                }
              }
            ],
            "category": "product_name",
            "name": "SiNVR/SiVMS Video Server"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-19291",
      "cwe": {
        "id": "CWE-313",
        "name": "Cleartext Storage in a File or on Disk"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintain\nlog files that store login credentials in cleartext.\nIn configurations where the FTP service is enabled, authenticated remote\nattackers could extract login credentials of other users of the service.\n\n",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Apply ACL/firewall configuration on the Video Servers to ensure that only legitimate systems are able to access the configured server ports. Harden all systems accordingly to prevent unauthorized access Consider to apply encryption and authentication on the network (e.g., via TLS on application level or via IPSec on host level)",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "CVE-2019-19291, CVE-2019-19296: Disable the two FTP services of the Video Server",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V5.0.0 or later version",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2019-19291"
    },
    {
      "cve": "CVE-2019-19296",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The two FTP services (default ports 21/tcp and 5411/tcp) of the SiVMS/SiNVR Video\nServer contain a path traversal vulnerability\nthat could allow an authenticated remote attacker to access and download\narbitrary files from the server, if the FTP services are enabled.\n\n",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Apply ACL/firewall configuration on the Video Servers to ensure that only legitimate systems are able to access the configured server ports. Harden all systems accordingly to prevent unauthorized access Consider to apply encryption and authentication on the network (e.g., via TLS on application level or via IPSec on host level)",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "CVE-2019-19291, CVE-2019-19296: Disable the two FTP services of the Video Server",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V5.0.0 or later version",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2019-19296"
    },
    {
      "cve": "CVE-2019-19297",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\ncontains a path traversal vulnerability, that could allow an\nunauthenticated remote attacker to access and download arbitrary files from the server.\n\n",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Apply ACL/firewall configuration on the Video Servers to ensure that only legitimate systems are able to access the configured server ports. Harden all systems accordingly to prevent unauthorized access Consider to apply encryption and authentication on the network (e.g., via TLS on application level or via IPSec on host level)",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V5.0.0 or later version",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2019-19297"
    },
    {
      "cve": "CVE-2019-19298",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\ncontains a input validation vulnerability, that could allow\nan unauthenticated remote attacker to cause a Denial-of-Service condition\nby sending malformed HTTP requests.\n\n",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Apply ACL/firewall configuration on the Video Servers to ensure that only legitimate systems are able to access the configured server ports. Harden all systems accordingly to prevent unauthorized access Consider to apply encryption and authentication on the network (e.g., via TLS on application level or via IPSec on host level)",
          "product_ids": [
            "1",
            "2"
          ]
        },
        {
          "category": "mitigation",
          "details": "CVE-2019-19298: The update to V5.0.2 also provides an additional authentication feature that allows to protect the access to the streaming service via individual account names and passwords for every stream recorder. It is recommended to configure this feature accordingly. For details see the release notes of V5.0.2",
          "product_ids": [
            "1",
            "2"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V5.0.0 or later version",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V5.0.2 or later version",
          "product_ids": [
            "2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2"
          ]
        }
      ],
      "title": "CVE-2019-19298"
    },
    {
      "cve": "CVE-2019-19299",
      "cwe": {
        "id": "CWE-326",
        "name": "Inadequate Encryption Strength"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\napplies weak cryptography when exposing device (camera) passwords.\nThis could allow an unauthenticated remote attacker to read and decrypt\nthe passwords and conduct further attacks.\n\n",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Apply ACL/firewall configuration on the Video Servers to ensure that only legitimate systems are able to access the configured server ports. Harden all systems accordingly to prevent unauthorized access Consider to apply encryption and authentication on the network (e.g., via TLS on application level or via IPSec on host level)",
          "product_ids": [
            "1",
            "2",
            "3"
          ]
        },
        {
          "category": "no_fix_planned",
          "details": "Currently no fix is planned",
          "product_ids": [
            "3"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V5.0.0 or later version",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V5.0.2 or later version",
          "product_ids": [
            "2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "products": [
            "3",
            "1",
            "2"
          ]
        }
      ],
      "title": "CVE-2019-19299"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.