CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-13947

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The user configuration menu in the web interface of the Control Center Server (CCS) transfers user passwords in clear to the client (browser). An attacker with administrative privileges for the web interface could be able to read (and not only reset) passwords of other CCS users.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 40.0%

CVSS Severity

CVSS v3 Score 4.9

CVSS v2 Score 4.0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf

Products affected by CVE-2019-13947

Siemens » Sinvr 3 Central Control Server » Version: N/A

cpe:2.3:a:siemens:sinvr_3_central_control_server:-
Siemens » Sinvr 3 Video Server » Version: N/A

cpe:2.3:a:siemens:sinvr_3_video_server:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-13947

Products

Pricing

Contact Us