VAR-201912-1243
Vulnerability from variot - Updated: 2024-01-17 18:39A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication.
A remote attacker with network access to the Video Server could exploit this vulnerability to read the SiVMS/SiNVR users database, including the passwords of all users in obfuscated cleartext. SiNVR 3 Central Control Server (CCS) and Video Server Is vulnerable to a lack of authentication for critical functions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SiNVR is the Siemens OEM version of SiVMS, a video management solution acquired by PKE Deutsch land gmmbH and previously distributed by Schille Informationssysteme gmmbH
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-1243",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sinvr 3 central control server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinvr 3 video server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinvr 3 central control server",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sinvr 3 video server",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sinvr video server",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinvr 3 central control server",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinvr 3 video server",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "de4d8759-019c-495d-9ec9-b161d4ea4f56"
},
{
"db": "CNVD",
"id": "CNVD-2019-44756"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013205"
},
{
"db": "NVD",
"id": "CVE-2019-18339"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:sinvr_3_central_control_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sinvr_3_video_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18339"
}
]
},
"cve": "CVE-2019-18339",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-18339",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-44756",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "de4d8759-019c-495d-9ec9-b161d4ea4f56",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-18339",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-18339",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "productcert@siemens.com",
"id": "CVE-2019-18339",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-44756",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-425",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "de4d8759-019c-495d-9ec9-b161d4ea4f56",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "de4d8759-019c-495d-9ec9-b161d4ea4f56"
},
{
"db": "CNVD",
"id": "CNVD-2019-44756"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013205"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-425"
},
{
"db": "NVD",
"id": "CVE-2019-18339"
},
{
"db": "NVD",
"id": "CVE-2019-18339"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server\ncontains an authentication bypass vulnerability, even when properly\nconfigured with enforced authentication. \n\nA remote attacker with network access to the Video Server could \nexploit this vulnerability to read the SiVMS/SiNVR users database, including\nthe passwords of all users in obfuscated cleartext. SiNVR 3 Central Control Server (CCS) and Video Server Is vulnerable to a lack of authentication for critical functions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SiNVR is the Siemens OEM version of SiVMS, a video management solution acquired by PKE Deutsch land gmmbH and previously distributed by Schille Informationssysteme gmmbH",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18339"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013205"
},
{
"db": "CNVD",
"id": "CNVD-2019-44756"
},
{
"db": "IVD",
"id": "de4d8759-019c-495d-9ec9-b161d4ea4f56"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-18339",
"trust": 3.2
},
{
"db": "SIEMENS",
"id": "SSA-761617",
"trust": 2.2
},
{
"db": "ICS CERT",
"id": "ICSA-19-344-02",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2019-44756",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201912-425",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013205",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-19-344-01",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4625",
"trust": 0.6
},
{
"db": "IVD",
"id": "DE4D8759-019C-495D-9EC9-B161D4EA4F56",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "de4d8759-019c-495d-9ec9-b161d4ea4f56"
},
{
"db": "CNVD",
"id": "CNVD-2019-44756"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013205"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-425"
},
{
"db": "NVD",
"id": "CVE-2019-18339"
}
]
},
"id": "VAR-201912-1243",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "de4d8759-019c-495d-9ec9-b161d4ea4f56"
},
{
"db": "CNVD",
"id": "CNVD-2019-44756"
}
],
"trust": 1.454873825
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "de4d8759-019c-495d-9ec9-b161d4ea4f56"
},
{
"db": "CNVD",
"id": "CNVD-2019-44756"
}
]
},
"last_update_date": "2024-01-17T18:39:33.867000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-761617",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
},
{
"title": "Patch for Siemens SiNVR 3 Video Server Authentication Bypass Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/193673"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-44756"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013205"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013205"
},
{
"db": "NVD",
"id": "CVE-2019-18339"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-344-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18339"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18339"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4625/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-19-344-02"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-344-01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-44756"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013205"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-425"
},
{
"db": "NVD",
"id": "CVE-2019-18339"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "de4d8759-019c-495d-9ec9-b161d4ea4f56"
},
{
"db": "CNVD",
"id": "CNVD-2019-44756"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013205"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-425"
},
{
"db": "NVD",
"id": "CVE-2019-18339"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-11T00:00:00",
"db": "IVD",
"id": "de4d8759-019c-495d-9ec9-b161d4ea4f56"
},
{
"date": "2019-12-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-44756"
},
{
"date": "2019-12-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013205"
},
{
"date": "2019-12-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-425"
},
{
"date": "2019-12-12T19:15:20.467000",
"db": "NVD",
"id": "CVE-2019-18339"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-44756"
},
{
"date": "2019-12-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013205"
},
{
"date": "2021-04-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-425"
},
{
"date": "2024-01-09T10:15:09.743000",
"db": "NVD",
"id": "CVE-2019-18339"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-425"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SiNVR 3 Video Server Authentication Bypass Vulnerability",
"sources": [
{
"db": "IVD",
"id": "de4d8759-019c-495d-9ec9-b161d4ea4f56"
},
{
"db": "CNVD",
"id": "CNVD-2019-44756"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-425"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…