CyberSec.Space Logo
Back to CVE Browser

CVE-2019-18337

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1510%
EPSS Percentile2.89th
PublishedDec 12, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. A remote attacker with network access to the CCS server could exploit this vulnerability to read the CCS users database, including the passwords of all users in obfuscated cleartext.

Affected Platforms (CPE)

πŸ“¦
Siemens

Sinvr 3 Central Control Server

All versions
πŸ“¦
Siemens

Sinvr 3 Video Server

All versions

References & Advisories

πŸ”— https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf
πŸ”— https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf
πŸ”— https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf
πŸ”— https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf

Related Vulnerabilities

CVE-2019-002010.0

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full contr...

CVE-2019-002210.0

Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full contro...

CVE-2019-390510.0

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.

CVE-2019-1068610.0

An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port ...