Siemens: Security Vulnerabilities
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could be able to gain access to logs and configuration files by sending specifically crafted packets to 80/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.
CVSS Score
5.3
EPSS Score
0.002
Published
2019-12-12
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an authentication bypass
vulnerability in its XML-based communication protocol as provided by default
on ports 5444/tcp and 5440/tcp.
A remote attacker with network access to the CCS server could
exploit this vulnerability to read the CCS users database, including
the passwords of all users in obfuscated cleartext.
CVSS Score
9.8
EPSS Score
0.001
Published
2019-12-12
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains a directory traversal
vulnerability in its XML-based communication protocol as provided by default
on ports 5444/tcp and 5440/tcp.
An authenticated remote attacker with network access to the CCS server
could exploit this vulnerability to list arbitrary directories
or read files outside of the CCS application context.
CVSS Score
7.7
EPSS Score
0.007
Published
2019-12-12
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server
contains an authentication bypass vulnerability, even when properly
configured with enforced authentication.
A remote attacker with network access to the Video Server could
exploit this vulnerability to read the SiVMS/SiNVR users database, including
the passwords of all users in obfuscated cleartext.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-12-12
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), Control Center Server (CCS) (All versions >= V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0). Both the SiVMS/SiNVR Video Server and the Control Center Server (CCS) store
user and device passwords by applying weak cryptography.
A local attacker could exploit this vulnerability to extract
the passwords from the user database and/or the device configuration files
to conduct further attacks.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-12-12
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server
(CCS) contains an authentication bypass vulnerability.
A remote attacker with network access to the CCS server could
exploit this vulnerability to read data from the EDIR directory
(for example, the list of all configured stations).
CVSS Score
5.3
EPSS Score
0.001
Published
2019-12-12
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server
(CCS) does not properly limit its capabilities to the specified purpose.
In conjunction with CVE-2019-18341, an unauthenticated remote attacker with
network access to the CCS server could exploit this vulnerability
to read or delete arbitrary files, or access other resources on the same
server.
CVSS Score
9.9
EPSS Score
0.006
Published
2019-12-12
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.
CVSS Score
9.8
EPSS Score
0.011
Published
2019-12-12
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.
CVSS Score
9.8
EPSS Score
0.011
Published
2019-12-12
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.
CVSS Score
9.8
EPSS Score
0.011
Published
2019-12-12