Vulnerabilities > CVE-2019-19291 - Cleartext Storage in a File or on Disk vulnerability in Siemens products

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

high complexity

siemens

CWE-313

NVD

Published: 2020-03-10

Updated: 2024-01-09

Summary

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintain log files that store login credentials in cleartext. In configurations where the FTP service is enabled, authenticated remote attackers could extract login credentials of other users of the service.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Sinvr 3 Video Server * Siemens Sinvr 3 Central Control Server *	2

Common Weakness Enumeration (CWE)

CWE-313 - Cleartext Storage in a File or on Disk

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References