CVE-2019-18341

CVSS 5.3 MEDIUMEPSS 1.6%CWE-287

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) contains an authentication bypass vulnerability. A remote attacker with network access to the CCS server could exploit this vulnerability to read data from the EDIR directory (for example, the list of all configured stations).

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:U/RC:C

Produtos afetados

Siemens · Control Center Server (CCS)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf