VAR-202003-0778
Vulnerability from variot - Updated: 2024-02-20 21:19A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains multiple stored Cross-site Scripting (XSS) vulnerabilities in several input fields. This could allow an authenticated remote attacker to inject malicious JavaScript code into the CCS web application that is later executed in the browser context of any other user who views the relevant CCS web content. SiNVR 3 is a video management platform. Remote attackers can use this vulnerability to inject malicious JavaScript code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0778",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sinvr 3 central control server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinvr 3 video server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinvr 3 video server",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sinvr 3 central control server",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sinvr central control server",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3"
},
{
"model": "sinvr video server",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinvr 3 central control server",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinvr 3 video server",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "743ca4cb-2414-4d27-b575-59994d163c85"
},
{
"db": "CNVD",
"id": "CNVD-2020-17007"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014868"
},
{
"db": "NVD",
"id": "CVE-2019-19294"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:sinvr_3_central_control_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sinvr_3_video_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19294"
}
]
},
"cve": "CVE-2019-19294",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-19294",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CNVD-2020-17007",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "743ca4cb-2414-4d27-b575-59994d163c85",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "productcert@siemens.com",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"impactScore": 4.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 6.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-014868",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19294",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "productcert@siemens.com",
"id": "CVE-2019-19294",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2020-17007",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-481",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "743ca4cb-2414-4d27-b575-59994d163c85",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-19294",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "743ca4cb-2414-4d27-b575-59994d163c85"
},
{
"db": "CNVD",
"id": "CNVD-2020-17007"
},
{
"db": "VULMON",
"id": "CVE-2019-19294"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014868"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-481"
},
{
"db": "NVD",
"id": "CVE-2019-19294"
},
{
"db": "NVD",
"id": "CVE-2019-19294"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in Control Center Server (CCS) (All versions \u003c V1.5.0). The web interface of the Control Center Server (CCS) contains\nmultiple stored Cross-site Scripting (XSS) vulnerabilities in several input\nfields. \nThis could allow an authenticated remote attacker to inject malicious\nJavaScript code into the CCS web application that is later executed\nin the browser context of any other user who views the relevant CCS\nweb content. SiNVR 3 is a video management platform. Remote attackers can use this vulnerability to inject malicious JavaScript code",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19294"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014868"
},
{
"db": "CNVD",
"id": "CNVD-2020-17007"
},
{
"db": "IVD",
"id": "743ca4cb-2414-4d27-b575-59994d163c85"
},
{
"db": "VULMON",
"id": "CVE-2019-19294"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19294",
"trust": 4.1
},
{
"db": "SIEMENS",
"id": "SSA-761844",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-844761",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-20-070-01",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-17007",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202003-481",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU96269392",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014868",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-21-103-10",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1240",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "46128",
"trust": 0.6
},
{
"db": "IVD",
"id": "743CA4CB-2414-4D27-B575-59994D163C85",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2019-19294",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "743ca4cb-2414-4d27-b575-59994d163c85"
},
{
"db": "CNVD",
"id": "CNVD-2020-17007"
},
{
"db": "VULMON",
"id": "CVE-2019-19294"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014868"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-481"
},
{
"db": "NVD",
"id": "CVE-2019-19294"
}
]
},
"id": "VAR-202003-0778",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "743ca4cb-2414-4d27-b575-59994d163c85"
},
{
"db": "CNVD",
"id": "CNVD-2020-17007"
}
],
"trust": 1.454873825
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "743ca4cb-2414-4d27-b575-59994d163c85"
},
{
"db": "CNVD",
"id": "CNVD-2020-17007"
}
]
},
"last_update_date": "2024-02-20T21:19:51.473000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-844761",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
},
{
"title": "Patch for Siemens SiNVR 3 Cross-site Scripting Vulnerability (CNVD-2020-17007)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/208743"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=03dd7efb196bdf8da925c4ca8f3d02f6"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=941d6ca22d089421a99575c44abd4248"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17007"
},
{
"db": "VULMON",
"id": "CVE-2019-19294"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014868"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014868"
},
{
"db": "NVD",
"id": "CVE-2019-19294"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19294"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-070-01"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96269392/index.html"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-10"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1240"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/46128"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-761844.txt"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17007"
},
{
"db": "VULMON",
"id": "CVE-2019-19294"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014868"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-481"
},
{
"db": "NVD",
"id": "CVE-2019-19294"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "743ca4cb-2414-4d27-b575-59994d163c85"
},
{
"db": "CNVD",
"id": "CNVD-2020-17007"
},
{
"db": "VULMON",
"id": "CVE-2019-19294"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014868"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-481"
},
{
"db": "NVD",
"id": "CVE-2019-19294"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-10T00:00:00",
"db": "IVD",
"id": "743ca4cb-2414-4d27-b575-59994d163c85"
},
{
"date": "2020-03-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17007"
},
{
"date": "2020-03-10T00:00:00",
"db": "VULMON",
"id": "CVE-2019-19294"
},
{
"date": "2020-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014868"
},
{
"date": "2020-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-481"
},
{
"date": "2020-03-10T20:15:19.413000",
"db": "NVD",
"id": "CVE-2019-19294"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17007"
},
{
"date": "2021-04-22T00:00:00",
"db": "VULMON",
"id": "CVE-2019-19294"
},
{
"date": "2024-02-20T07:11:00",
"db": "JVNDB",
"id": "JVNDB-2019-014868"
},
{
"date": "2021-04-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-481"
},
{
"date": "2024-01-09T10:15:12.267000",
"db": "NVD",
"id": "CVE-2019-19294"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-481"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SiNVR\u00a03\u00a0Central\u00a0Control\u00a0Server\u00a0 and \u00a0Video\u00a0Server\u00a0 Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014868"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-481"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…