CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-18340

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), Control Center Server (CCS) (All versions >= V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0). Both the SiVMS/SiNVR Video Server and the Control Center Server (CCS) store user and device passwords by applying weak cryptography. A local attacker could exploit this vulnerability to extract the passwords from the user database and/or the device configuration files to conduct further attacks.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 18.1%

CVSS Severity

CVSS v3 Score 5.5

CVSS v2 Score 2.1

References

https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf

Products affected by CVE-2019-18340

Siemens » Sinvr 3 Central Control Server » Version: N/A

cpe:2.3:a:siemens:sinvr_3_central_control_server:-
Siemens » Sinvr 3 Video Server » Version: N/A

cpe:2.3:a:siemens:sinvr_3_video_server:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-18340

Products

Pricing

Contact Us