CVE-2019-13947

EPSS 0.18%
Veröffentlicht 12.12.2019 19:15:15
Zuletzt bearbeitet 21.11.2024 04:25:45
Quelle productcert@siemens.com
Teams Watchlist Login
Unerledigt Login

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The user configuration menu in the web interface of the
Control Center Server (CCS) transfers user passwords in clear to the
client (browser).

An attacker with administrative privileges for the web interface could be
able to read (and not only reset) passwords of other CCS users.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Siemens ≫ Sinvr 3 Central Control Server

Siemens ≫ Sinvr 3 Video Server

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.405

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
productcert@siemens.com	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

CWE-317 Cleartext Storage of Sensitive Information in GUI

The product stores sensitive information in cleartext within the GUI.

https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf

https://nvd.nist.gov/vuln/detail/CVE-2019-13947

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-13947

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-13947

EUVD