Vulnerabilities > CVE-2019-18341 - Unspecified vulnerability in Siemens products

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

siemens

NVD

Published: 2019-12-12

Updated: 2024-11-21

Summary

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) contains an authentication bypass vulnerability. A remote attacker with network access to the CCS server could exploit this vulnerability to read data from the EDIR directory (for example, the list of all configured stations).

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Sinvr 3 Video Server * Siemens Sinvr 3 Central Control Server *	2

References

https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf