CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-18337

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1510%
EPSS Percentile2.89th
Published2019年12月12日
Last Modified2024年11月21日

Vulnerability Description

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. A remote attacker with network access to the CCS server could exploit this vulnerability to read the CCS users database, including the passwords of all users in obfuscated cleartext.

Affected Platforms (CPE)

📦
Siemens

Sinvr 3 Central Control Server

All versions
📦
Siemens

Sinvr 3 Video Server

All versions

References & Advisories

🔗 https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf
🔗 https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf
🔗 https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf
🔗 https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf

相关漏洞威胁

CVE-2019-726810.0

Linear eMerge 50P/5000P devices allow Unauthenticated File Upload.

CVE-2019-1095910.0

BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1 Build 13, This does...

CVE-2019-917410.0

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1....

CVE-2019-725710.0

Linear eMerge E3-Series devices allow Unrestricted File Upload.