CVE-2019-13947

EPSS 0.18%
Published 12.12.2019 19:15:15
Last modified 21.11.2024 04:25:45
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The user configuration menu in the web interface of the
Control Center Server (CCS) transfers user passwords in clear to the
client (browser).

An attacker with administrative privileges for the web interface could be
able to read (and not only reset) passwords of other CCS users.

Affected products Warnungen 0 Metrics 4 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Sinvr 3 Central Control Server

Siemens ≫ Sinvr 3 Video Server

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.18%	0.405

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
productcert@siemens.com	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

CWE-317 Cleartext Storage of Sensitive Information in GUI

The product stores sensitive information in cleartext within the GUI.

https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf

https://nvd.nist.gov/vuln/detail/CVE-2019-13947

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-13947

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-13947

EUVD