cvelistv5 - cve-2019-19293

CVE-2019-19293 (GCVE-0-2019-19293)

Vulnerability from cvelistv5

Published

2020-03-10 19:16

Modified

2024-08-05 02:09

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N/E:P/RL:U/RC:C

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Summary

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains a reflected Cross-site Scripting (XSS) vulnerability that could allow an unauthenticated remote attacker to steal sensitive data or execute administrative actions on behalf of a legitimate administrator of the CCS web interface.

References

►

URL

	Vendor	Product	Version
	Siemens	Control Center Server (CCS)	Version: All versions < V1.5.0

ssa-761844

Vulnerability from csaf_siemens

Published

2021-04-13 00:00

Modified

2024-01-09 00:00

Summary

SSA-761844: Multiple Vulnerabilities in Control Center Server (CCS)

Notes

Summary

The advisory informs about multiple vulnerabilities in the Central Control Server (CCS) application, as initially reported in SSA-761617 ( https://cert-portal.siemens.com/productcert/html/ssa-761617.html) on 2019-12-10 and SSA-844761 (https://cert-portal.siemens.com/productcert/html/ssa-844761.html) on 2020-03-10. The vulnerabilities involve authentication bypass (CVE-2019-18337, CVE-2019-18341), path traversal (CVE-2019-18338, CVE-2019-19290), information disclosure (CVE-2019-13947, CVE-2019-18340, CVE-2019-19291), privilege escalation (CVE-2019-18342), SQL injection (CVE-2019-19292), cross-site scripting (CVE-2019-19293, CVE-2019-19294), and insufficient logging (CVE-2019-19295). PKE has released an update for CCS that fixes the reported vulnerabilities, except for CVE-2019-18340. For details contact PKE ( https://pke.at/). Siemens recommends to update to the latest version and recommends specific countermeasures to mitigate the vulnerabilities.

General Recommendations

As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.

Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "The advisory informs about multiple vulnerabilities in the Central Control Server (CCS) application, as initially\nreported in SSA-761617 (\nhttps://cert-portal.siemens.com/productcert/html/ssa-761617.html) on 2019-12-10\nand SSA-844761 (https://cert-portal.siemens.com/productcert/html/ssa-844761.html) on 2020-03-10.\nThe vulnerabilities involve authentication bypass (CVE-2019-18337, CVE-2019-18341),\npath traversal (CVE-2019-18338, CVE-2019-19290), information disclosure (CVE-2019-13947, CVE-2019-18340, CVE-2019-19291),\nprivilege escalation (CVE-2019-18342), SQL injection (CVE-2019-19292), cross-site scripting (CVE-2019-19293, CVE-2019-19294), and\ninsufficient logging (CVE-2019-19295).\n\nPKE has released an update for CCS that fixes the reported vulnerabilities, except for CVE-2019-18340. For details contact PKE (\nhttps://pke.at/).\nSiemens recommends to update to the latest version and recommends specific countermeasures to mitigate the vulnerabilities.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-761844: Multiple Vulnerabilities in Control Center Server (CCS) - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-761844.html"
      },
      {
        "category": "self",
        "summary": "SSA-761844: Multiple Vulnerabilities in Control Center Server (CCS) - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-761844.json"
      },
      {
        "category": "self",
        "summary": "SSA-761844: Multiple Vulnerabilities in Control Center Server (CCS) - PDF Version",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
      },
      {
        "category": "self",
        "summary": "SSA-761844: Multiple Vulnerabilities in Control Center Server (CCS) - TXT Version",
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-761844.txt"
      }
    ],
    "title": "SSA-761844: Multiple Vulnerabilities in Control Center Server (CCS)",
    "tracking": {
      "current_release_date": "2024-01-09T00:00:00Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-761844",
      "initial_release_date": "2021-04-13T00:00:00Z",
      "revision_history": [
        {
          "date": "2021-04-13T00:00:00Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        },
        {
          "date": "2024-01-09T00:00:00Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Cleanup: removed orphaned links to vendor advisories and software downloads"
        }
      ],
      "status": "interim",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV1.5.0",
                "product": {
                  "name": "Control Center Server (CCS)",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003e=V1.5.0",
                "product": {
                  "name": "Control Center Server (CCS)",
                  "product_id": "2"
                }
              }
            ],
            "category": "product_name",
            "name": "Control Center Server (CCS)"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-13947",
      "cwe": {
        "id": "CWE-317",
        "name": "Cleartext Storage of Sensitive Information in GUI"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The user configuration menu in the web interface of the\nControl Center Server (CCS) transfers user passwords in clear to the\nclient (browser).\n\nAn attacker with administrative privileges for the web interface could be\nable to read (and not only reset) passwords of other CCS users.\n",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Apply ACL/firewall configuration on the CCS server to ensure that only legitimate systems are able to access the configured CCS server ports. Harden the CCS server accordingly to prevent unauthorized access. Consider to apply encryption and authentication on the network (e.g., via TLS on application level or via IPSec on host level).",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V1.5.0 or later version",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:F/RL:U/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2019-13947"
    },
    {
      "cve": "CVE-2019-18337",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The Control Center Server (CCS) contains an authentication bypass\nvulnerability in its XML-based communication protocol as provided by default\non ports 5444/tcp and 5440/tcp.\n\nA remote attacker with network access to the CCS server could\nexploit this vulnerability to read the CCS users database, including\nthe passwords of all users in obfuscated cleartext.\n",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Apply ACL/firewall configuration on the CCS server to ensure that only legitimate systems are able to access the configured CCS server ports. Harden the CCS server accordingly to prevent unauthorized access. Consider to apply encryption and authentication on the network (e.g., via TLS on application level or via IPSec on host level).",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V1.5.0 or later version",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2019-18337"
    },
    {
      "cve": "CVE-2019-18338",
      "cwe": {
        "id": "CWE-23",
        "name": "Relative Path Traversal"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The Control Center Server (CCS) contains a directory traversal\nvulnerability in its XML-based communication protocol as provided by default\non ports 5444/tcp and 5440/tcp.\n\nAn authenticated remote attacker with network access to the CCS server\ncould exploit this vulnerability to list arbitrary directories\nor read files outside of the CCS application context.\n",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Apply ACL/firewall configuration on the CCS server to ensure that only legitimate systems are able to access the configured CCS server ports. Harden the CCS server accordingly to prevent unauthorized access. Consider to apply encryption and authentication on the network (e.g., via TLS on application level or via IPSec on host level).",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V1.5.0 or later version",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:F/RL:U/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2019-18338"
    },
    {
      "cve": "CVE-2019-18340",
      "cwe": {
        "id": "CWE-327",
        "name": "Use of a Broken or Risky Cryptographic Algorithm"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Both the SiVMS/SiNVR Video Server and the Control Center Server (CCS) store\nuser and device passwords by applying weak cryptography.\n\nA local attacker could exploit this vulnerability to extract\nthe passwords from the user database and/or the device configuration files\nto conduct further attacks.\n",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Apply ACL/firewall configuration on the CCS server to ensure that only legitimate systems are able to access the configured CCS server ports. Harden the CCS server accordingly to prevent unauthorized access. Consider to apply encryption and authentication on the network (e.g., via TLS on application level or via IPSec on host level).",
          "product_ids": [
            "1",
            "2"
          ]
        },
        {
          "category": "mitigation",
          "details": "CVE-2019-18340: Harden the CCS server to prevent local access by unauthorized users",
          "product_ids": [
            "1",
            "2"
          ]
        },
        {
          "category": "no_fix_planned",
          "details": "Currently no fix is planned",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V1.5.0 or later version",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:U/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2"
          ]
        }
      ],
      "title": "CVE-2019-18340"
    },
    {
      "cve": "CVE-2019-18341",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The SFTP service (default port 22/tcp) of the Control Center Server\n(CCS) contains an authentication bypass vulnerability.\n\nA remote attacker with network access to the CCS server could\nexploit this vulnerability to read data from the EDIR directory\n(for example, the list of all configured stations).\n",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Apply ACL/firewall configuration on the CCS server to ensure that only legitimate systems are able to access the configured CCS server ports. Harden the CCS server accordingly to prevent unauthorized access. Consider to apply encryption and authentication on the network (e.g., via TLS on application level or via IPSec on host level).",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V1.5.0 or later version",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:U/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2019-18341"
    },
    {
      "cve": "CVE-2019-18342",
      "cwe": {
        "id": "CWE-749",
        "name": "Exposed Dangerous Method or Function"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The SFTP service (default port 22/tcp) of the Control Center Server\n(CCS) does not properly limit its capabilities to the specified purpose.\n\nIn conjunction with CVE-2019-18341, an unauthenticated remote attacker with\nnetwork access to the CCS server could exploit this vulnerability\nto read or delete arbitrary files, or access other resources on the same\nserver.\n",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Apply ACL/firewall configuration on the CCS server to ensure that only legitimate systems are able to access the configured CCS server ports. Harden the CCS server accordingly to prevent unauthorized access. Consider to apply encryption and authentication on the network (e.g., via TLS on application level or via IPSec on host level).",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V1.5.0 or later version",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2019-18342"
    },
    {
      "cve": "CVE-2019-19290",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The DOWNLOADS section in the web interface of the Control Center\nServer (CCS) contains a path traversal vulnerability\nthat could allow an authenticated remote attacker to access and download\narbitrary files from the server where CCS is installed.\n",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Apply ACL/firewall configuration on the CCS server to ensure that only legitimate systems are able to access the configured CCS server ports. Harden the CCS server accordingly to prevent unauthorized access. Consider to apply encryption and authentication on the network (e.g., via TLS on application level or via IPSec on host level).",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "CVE-2019-19290, CVE-2019-19293, CVE-2019-19294: Disable the web interface of CCS if not used. Alternatively, restrict access from localhost only, or only to trusted hosts of CCS administrators. Enable TLS for the web interface of CCS.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V1.5.0 or later version",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2019-19290"
    },
    {
      "cve": "CVE-2019-19291",
      "cwe": {
        "id": "CWE-313",
        "name": "Cleartext Storage in a File or on Disk"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintain\nlog files that store login credentials in cleartext.\nIn configurations where the FTP service is enabled, authenticated remote\nattackers could extract login credentials of other users of the service.\n\n",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Apply ACL/firewall configuration on the CCS server to ensure that only legitimate systems are able to access the configured CCS server ports. Harden the CCS server accordingly to prevent unauthorized access. Consider to apply encryption and authentication on the network (e.g., via TLS on application level or via IPSec on host level).",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "CVE-2019-19291: Disable the FTP service of the CCS",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V1.5.0 or later version",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2019-19291"
    },
    {
      "cve": "CVE-2019-19292",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The Control Center Server (CCS) contains an SQL injection\nvulnerability in its XML-based communication protocol as provided by default\non ports 5444/tcp and 5440/tcp.\nAn authenticated remote attacker could exploit this vulnerability to\nread or modify the CCS database and potentially execute administrative\ndatabase operations or operating system commands.\n",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Apply ACL/firewall configuration on the CCS server to ensure that only legitimate systems are able to access the configured CCS server ports. Harden the CCS server accordingly to prevent unauthorized access. Consider to apply encryption and authentication on the network (e.g., via TLS on application level or via IPSec on host level).",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V1.5.0 or later version",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2019-19292"
    },
    {
      "cve": "CVE-2019-19293",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The web interface of the Control Center Server (CCS) contains a\nreflected Cross-site Scripting (XSS) vulnerability\nthat could allow an unauthenticated remote attacker to steal sensitive data\nor execute administrative actions on behalf of a legitimate administrator\nof the CCS web interface.\n",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Apply ACL/firewall configuration on the CCS server to ensure that only legitimate systems are able to access the configured CCS server ports. Harden the CCS server accordingly to prevent unauthorized access. Consider to apply encryption and authentication on the network (e.g., via TLS on application level or via IPSec on host level).",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "CVE-2019-19290, CVE-2019-19293, CVE-2019-19294: Disable the web interface of CCS if not used. Alternatively, restrict access from localhost only, or only to trusted hosts of CCS administrators. Enable TLS for the web interface of CCS.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V1.5.0 or later version",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2019-19293"
    },
    {
      "cve": "CVE-2019-19294",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The web interface of the Control Center Server (CCS) contains\nmultiple stored Cross-site Scripting (XSS) vulnerabilities in several input\nfields.\nThis could allow an authenticated remote attacker to inject malicious\nJavaScript code into the CCS web application that is later executed\nin the browser context of any other user who views the relevant CCS\nweb content.\n",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Apply ACL/firewall configuration on the CCS server to ensure that only legitimate systems are able to access the configured CCS server ports. Harden the CCS server accordingly to prevent unauthorized access. Consider to apply encryption and authentication on the network (e.g., via TLS on application level or via IPSec on host level).",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "CVE-2019-19290, CVE-2019-19293, CVE-2019-19294: Disable the web interface of CCS if not used. Alternatively, restrict access from localhost only, or only to trusted hosts of CCS administrators. Enable TLS for the web interface of CCS.",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V1.5.0 or later version",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2019-19294"
    },
    {
      "cve": "CVE-2019-19295",
      "cwe": {
        "id": "CWE-778",
        "name": "Insufficient Logging"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The Control Center Server (CCS) does not enforce logging of\nsecurity-relevant activities in its XML-based communication protocol\nas provided by default on ports 5444/tcp and 5440/tcp.\nAn authenticated remote attacker could exploit this vulnerability to\nperform covert actions that are not visible in the application log.\n",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Apply ACL/firewall configuration on the CCS server to ensure that only legitimate systems are able to access the configured CCS server ports. Harden the CCS server accordingly to prevent unauthorized access. Consider to apply encryption and authentication on the network (e.g., via TLS on application level or via IPSec on host level).",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V1.5.0 or later version",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2019-19295"
    }
  ]
}

ghsa-2wg4-jvq7-qmph

Vulnerability from github

Published

2022-05-24 17:10

Modified

2024-01-09 12:30

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N

Details

A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The web interface of the SiNVR 3 Central Control Server (CCS) contains a reflected Cross-site Scripting (XSS) vulnerability that could allow an unauthenticated remote attacker to steal sensitive data or execute administrative actions on behalf of a legitimate administrator of the CCS web interface.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-19293"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-03-10T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The web interface of the SiNVR 3 Central Control Server (CCS) contains a reflected Cross-site Scripting (XSS) vulnerability that could allow an unauthenticated remote attacker to steal sensitive data or execute administrative actions on behalf of a legitimate administrator of the CCS web interface.",
  "id": "GHSA-2wg4-jvq7-qmph",
  "modified": "2024-01-09T12:30:35Z",
  "published": "2022-05-24T17:10:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19293"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2019-19293

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2019-19293

Aliases

CVE-2019-19293

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-19293",
    "description": "A vulnerability has been identified in Control Center Server (CCS) (All versions \u003c V1.5.0). The web interface of the Control Center Server (CCS) contains a reflected Cross-site Scripting (XSS) vulnerability that could allow an unauthenticated remote attacker to steal sensitive data or execute administrative actions on behalf of a legitimate administrator of the CCS web interface.",
    "id": "GSD-2019-19293"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-19293"
      ],
      "details": "A vulnerability has been identified in Control Center Server (CCS) (All versions \u003c V1.5.0). The web interface of the Control Center Server (CCS) contains a reflected Cross-site Scripting (XSS) vulnerability that could allow an unauthenticated remote attacker to steal sensitive data or execute administrative actions on behalf of a legitimate administrator of the CCS web interface.",
      "id": "GSD-2019-19293",
      "modified": "2023-12-13T01:23:54.276137Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "ID": "CVE-2019-19293",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Control Center Server (CCS)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V1.5.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Siemens"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability has been identified in Control Center Server (CCS) (All versions \u003c V1.5.0). The web interface of the Control Center Server (CCS) contains a\nreflected Cross-site Scripting (XSS) vulnerability\nthat could allow an unauthenticated remote attacker to steal sensitive data\nor execute administrative actions on behalf of a legitimate administrator\nof the CCS web interface."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-79",
                "lang": "eng",
                "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf",
            "refsource": "MISC",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
          },
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf",
            "refsource": "MISC",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:siemens:sinvr_3_central_control_server:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "16668E9A-2D0A-425E-87F4-18CFC50551D3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:siemens:sinvr_3_video_server:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0F21BB6D-BFE0-4B69-97F2-1A871A390B1E",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "A vulnerability has been identified in Control Center Server (CCS) (All versions \u003c V1.5.0). The web interface of the Control Center Server (CCS) contains a\nreflected Cross-site Scripting (XSS) vulnerability\nthat could allow an unauthenticated remote attacker to steal sensitive data\nor execute administrative actions on behalf of a legitimate administrator\nof the CCS web interface."
          },
          {
            "lang": "es",
            "value": "Se ha identificado una vulnerabilidad  Control Server (CCS) (Todas las versiones anteriores a V1.5.0).La interfaz web del Servidor del Centro de Control (CCS) contiene una vulnerabilidad de Cross-site Scripting (XSS) reflejada que podr\u00eda permitir a un atacante remoto no autentificado robar datos sensibles o ejecutar acciones administrativas en nombre de un administrador leg\u00edtimo de la interfaz web del CCS"
          }
        ],
        "id": "CVE-2019-19293",
        "lastModified": "2024-01-09T10:15:12.030",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "MEDIUM",
              "cvssData": {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "integrityImpact": "PARTIAL",
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              "exploitabilityScore": 8.6,
              "impactScore": 2.9,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": true
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 1.6,
              "impactScore": 4.0,
              "source": "productcert@siemens.com",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 2.7,
              "source": "nvd@nist.gov",
              "type": "Secondary"
            }
          ]
        },
        "published": "2020-03-10T20:15:19.337",
        "references": [
          {
            "source": "productcert@siemens.com",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
          },
          {
            "source": "productcert@siemens.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
          }
        ],
        "sourceIdentifier": "productcert@siemens.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-79"
              }
            ],
            "source": "productcert@siemens.com",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-79"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

fkie_cve-2019-19293

Vulnerability from fkie_nvd

Published

2020-03-10 20:15

Modified

2024-11-21 04:34

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
productcert@siemens.com	https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf
productcert@siemens.com	https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf	Vendor Advisory

Impacted products

	Vendor	Product	Version
	siemens	sinvr_3_central_control_server	*
	siemens	sinvr_3_video_server	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:sinvr_3_central_control_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16668E9A-2D0A-425E-87F4-18CFC50551D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:sinvr_3_video_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F21BB6D-BFE0-4B69-97F2-1A871A390B1E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in Control Center Server (CCS) (All versions \u003c V1.5.0). The web interface of the Control Center Server (CCS) contains a\nreflected Cross-site Scripting (XSS) vulnerability\nthat could allow an unauthenticated remote attacker to steal sensitive data\nor execute administrative actions on behalf of a legitimate administrator\nof the CCS web interface."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad  Control Server (CCS) (Todas las versiones anteriores a V1.5.0).La interfaz web del Servidor del Centro de Control (CCS) contiene una vulnerabilidad de Cross-site Scripting (XSS) reflejada que podr\u00eda permitir a un atacante remoto no autentificado robar datos sensibles o ejecutar acciones administrativas en nombre de un administrador leg\u00edtimo de la interfaz web del CCS"
    }
  ],
  "id": "CVE-2019-19293",
  "lastModified": "2024-11-21T04:34:30.800",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 4.0,
        "source": "productcert@siemens.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-03-10T20:15:19.337",
  "references": [
    {
      "source": "productcert@siemens.com",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
    },
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2019-19293 (GCVE-0-2019-19293)

Vulnerability from cvelistv5

ssa-761844

Vulnerability from csaf_siemens

ghsa-2wg4-jvq7-qmph

Vulnerability from github

gsd-2019-19293

Vulnerability from gsd

fkie_cve-2019-19293

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature