← back
CVE-2019-19291

CVE-2019-19291

CVSS 5.3 MEDIUMEPSS 0.7%CWE-313
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintain log files that store login credentials in cleartext. In configurations where the FTP service is enabled, authenticated remote attackers could extract login credentials of other users of the service.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C
Affected products
Siemens · Control Center Server (CCS)Siemens · SiNVR/SiVMS Video Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf