ID

VAR-201909-0862


CVE

CVE-2019-13918


TITLE

Siemens SINEMA Remote Connect Server Password guessing vulnerability

Trust: 0.8

sources: IVD: ad4ddd10-3dec-4093-88fc-318233ad7a5b // CNVD: CNVD-2019-31661

DESCRIPTION

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). The web interface has no means to prevent password guessing attacks. The vulnerability could be exploited by an attacker with network access to the vulnerable software, requiring no privileges and no user interaction. The vulnerability could allow full access to the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known. SINEMA Remote Connect Server contains a vulnerability related to weak password requirements. Information may be obtained or altered, and service operation may be disrupted (DoS). SINEMA Remote Connect helps users access remote devices or machines for easy and safe maintenance. The platform is mainly used for remote access, maintenance, control and diagnosis of the underlying network.

Trust: 2.43

sources: NVD: CVE-2019-13918 // JVNDB: JVNDB-2019-009302 // CNVD: CNVD-2019-31661 // IVD: ad4ddd10-3dec-4093-88fc-318233ad7a5b // VULHUB: VHN-145812

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: ad4ddd10-3dec-4093-88fc-318233ad7a5b // CNVD: CNVD-2019-31661

AFFECTED PRODUCTS

vendor: siemens, model: sinema remote connect server, scope: eq, version: 2.0

Trust: 1.6

vendor: siemens, model: sinema remote connect server, scope: lt, version: 2.0

Trust: 1.0

vendor: siemens, model: sinema remote connect server, scope: lt, version: 2.0 sp1

Trust: 0.8

vendor: siemens, model: sinema remote connect server sp1, scope: lt, version: v2.0

Trust: 0.6

vendor: sinema remote connect server, model: -, scope: eq, version: 2.0

Trust: 0.4

vendor: sinema remote connect server, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: ad4ddd10-3dec-4093-88fc-318233ad7a5b // CNVD: CNVD-2019-31661 // JVNDB: JVNDB-2019-009302 // CNNVD: CNNVD-201909-678 // NVD: CVE-2019-13918

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13918
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-13918
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-31661
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201909-678
value: CRITICAL

Trust: 0.6

IVD: ad4ddd10-3dec-4093-88fc-318233ad7a5b
value: CRITICAL

Trust: 0.2

VULHUB: VHN-145812
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-13918
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-31661
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: ad4ddd10-3dec-4093-88fc-318233ad7a5b
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-145812
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-13918
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-13918
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: ad4ddd10-3dec-4093-88fc-318233ad7a5b // CNVD: CNVD-2019-31661 // VULHUB: VHN-145812 // JVNDB: JVNDB-2019-009302 // CNNVD: CNNVD-201909-678 // NVD: CVE-2019-13918

PROBLEMTYPE DATA

problemtype:CWE-521

Trust: 1.9

problemtype:CWE-307

Trust: 1.0

sources: VULHUB: VHN-145812 // JVNDB: JVNDB-2019-009302 // NVD: CVE-2019-13918

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-678

TYPE

other

Trust: 0.8

sources: IVD: ad4ddd10-3dec-4093-88fc-318233ad7a5b // CNNVD: CNNVD-201909-678

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009302

PATCH

title: SSA-884497, url: https://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf

Trust: 0.8

title: Siemens SINEMA Remote Connect Server password guessing vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/180403

Trust: 0.6

title: SINEMA Remote Connect Server Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98245

Trust: 0.6

sources: CNVD: CNVD-2019-31661 // JVNDB: JVNDB-2019-009302 // CNNVD: CNNVD-201909-678

EXTERNAL IDS

db: NVD, id: CVE-2019-13918

Trust: 3.3

db: SIEMENS, id: SSA-884497

Trust: 2.3

db: ICS CERT, id: ICSA-19-260-02

Trust: 1.4

db: ICS CERT, id: ICSA-19-281-02

Trust: 1.4

db: CNNVD, id: CNNVD-201909-678

Trust: 0.9

db: CNVD, id: CNVD-2019-31661

Trust: 0.8

db: JVNDB, id: JVNDB-2019-009302

Trust: 0.8

db: AUSCERT, id: ESB-2019.3559

Trust: 0.6

db: AUSCERT, id: ESB-2019.3777

Trust: 0.6

db: IVD, id: AD4DDD10-3DEC-4093-88FC-318233AD7A5B

Trust: 0.2

db: VULHUB, id: VHN-145812

Trust: 0.1

sources: IVD: ad4ddd10-3dec-4093-88fc-318233ad7a5b // CNVD: CNVD-2019-31661 // VULHUB: VHN-145812 // JVNDB: JVNDB-2019-009302 // CNNVD: CNNVD-201909-678 // NVD: CVE-2019-13918

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf

Trust: 2.3

url:https://www.us-cert.gov/ics/advisories/icsa-19-260-02

Trust: 1.4

url:https://www.us-cert.gov/ics/advisories/icsa-19-281-02

Trust: 1.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-13918

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13918

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.3559/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3777/

Trust: 0.6

sources: CNVD: CNVD-2019-31661 // VULHUB: VHN-145812 // JVNDB: JVNDB-2019-009302 // CNNVD: CNNVD-201909-678 // NVD: CVE-2019-13918

SOURCES

db: IVD, id: ad4ddd10-3dec-4093-88fc-318233ad7a5b
db: CNVD, id: CNVD-2019-31661
db: VULHUB, id: VHN-145812
db: JVNDB, id: JVNDB-2019-009302
db: CNNVD, id: CNNVD-201909-678
db: NVD, id: CVE-2019-13918

LAST UPDATE DATE

2024-08-14T13:55:08.431000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-31661, date: 2019-09-16T00:00:00
db: VULHUB, id: VHN-145812, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2019-009302, date: 2019-10-10T00:00:00
db: CNNVD, id: CNNVD-201909-678, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2019-13918, date: 2019-10-09T23:46:36.813

SOURCES RELEASE DATE

db: IVD, id: ad4ddd10-3dec-4093-88fc-318233ad7a5b, date: 2019-09-16T00:00:00
db: CNVD, id: CNVD-2019-31661, date: 2019-09-16T00:00:00
db: VULHUB, id: VHN-145812, date: 2019-09-13T00:00:00
db: JVNDB, id: JVNDB-2019-009302, date: 2019-09-18T00:00:00
db: CNNVD, id: CNNVD-201909-678, date: 2019-09-13T00:00:00
db: NVD, id: CVE-2019-13918, date: 2019-09-13T17:15:11.757