Vulnerabilities > CVE-2019-19295 - Insufficient Logging vulnerability in Siemens products

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

siemens

CWE-778

NVD

Published: 2020-03-10

Updated: 2024-01-09

Summary

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) does not enforce logging of security-relevant activities in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to perform covert actions that are not visible in the application log.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Sinvr 3 Video Server * Siemens Sinvr 3 Central Control Server *	2

Common Weakness Enumeration (CWE)

CWE-778 - Insufficient Logging

References

https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf