CVE-2019-18340

Published: Dic 12, 2019 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2019-8129 Aliases: GSD-2019-18340

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,5

Source: [email protected]

Attack Vector: local

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: none

Availability: none

LOW 2,1

Source: [email protected]

Access Vector: local

Access Complexity: low

Authentication: none

Confidentiality: partial

Integrity: none

Availability: none

Description

AI Translation Available

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), Control Center Server (CCS) (All versions >= V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0). Both the SiVMS/SiNVR Video Server and the Control Center Server (CCS) store
user and device passwords by applying weak cryptography.

A local attacker could exploit this vulnerability to extract
the passwords from the user database and/or the device configuration files
to conduct further attacks.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0006

Percentile

0,2th

Updated

EPSS Score Trend (Last 90 Days)

327

Use of a Broken or Risky Cryptographic Algorithm

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Accountability Non-Repudiation

Potential Impacts:

Read Application Data Modify Application Data Hide Activities

Applicable Platforms

Languages: Not Language-Specific, Verilog, VHDL

Technologies: Not Technology-Specific, ICS/OT

Likelihood of Exploit: High

View CWE Details

Application

Sinvr 3 Video Server by Siemens

Product Information

Vendor Siemens

Product Sinvr 3 Video Server

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:siemens:sinvr_3_video_server:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Sinvr 3 Central Control Server by Siemens

Product Information

Vendor Siemens

Product Sinvr 3 Central Control Server

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:siemens:sinvr_3_central_control_server:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://cert-portal.siemens.com/productcert/pdf/ssa-761617.…

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-761844.…

https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-761617.…

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-761844.…

https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf

CVE-2019-18340

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Use of a Broken or Risky Cryptographic Algorithm

Common Consequences

Applicable Platforms

Sinvr 3 Video Server by Siemens

Product Information

Sinvr 3 Central Control Server by Siemens

Product Information

Iscriviti alla newsletter