Vulnerabilities > CVE-2019-13947 - Cleartext Storage of Sensitive Information in GUI vulnerability in Siemens products

CVSS 4.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

siemens

CWE-317

NVD

Published: 2019-12-12

Updated: 2024-01-09

Summary

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The user configuration menu in the web interface of the Control Center Server (CCS) transfers user passwords in clear to the client (browser). An attacker with administrative privileges for the web interface could be able to read (and not only reset) passwords of other CCS users.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Sinvr 3 Video Server * Siemens Sinvr 3 Central Control Server *	2

Common Weakness Enumeration (CWE)

CWE-317 - Cleartext Storage of Sensitive Information in GUI

References

https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf