CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-19292

HIGH
8.8
CVSS Severity Score
EPSS Score0.0580%
EPSS Percentile36.48th
Published2020年3月10日
Last Modified2024年11月21日

Vulnerability Description

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an SQL injection vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to read or modify the CCS database and potentially execute administrative database operations or operating system commands.

Affected Platforms (CPE)

📦
Siemens

Sinvr 3 Central Control Server

All versions
📦
Siemens

Sinvr 3 Video Server

All versions

References & Advisories

🔗 https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf
🔗 https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf
🔗 https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf
🔗 https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf

相關漏洞威脅

CVE-2019-002010.0

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full contr...

CVE-2019-002210.0

Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full contro...

CVE-2019-390510.0

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.

CVE-2019-623510.0

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12...