ID

VAR-201909-1510


CVE

CVE-2019-13919


TITLE

Siemens SINEMA Remote Connect Server Unprivileged User Access Vulnerability

Trust: 0.8

sources: IVD: d41de96e-852a-44e0-96f6-311a3fd2115c // CNVD: CNVD-2019-31662

DESCRIPTION

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some pages that should only be accessible by a privileged user can also be accessed by a non-privileged user. The security vulnerability could be exploited by an attacker with network access and valid credentials for the web interface. No user interaction is required. The vulnerability could allow an attacker to access information that he should not be able to read. The affected information does not include passwords. At the time of advisory publication no public exploitation of this security vulnerability was known.

SINEMA Remote Connect helps users access remote devices or machines for easy and safe maintenance. The platform is mainly used for remote access, maintenance, control and diagnosis of the underlying network.

Trust: 2.43

sources: NVD: CVE-2019-13919 // JVNDB: JVNDB-2019-009303 // CNVD: CNVD-2019-31662 // IVD: d41de96e-852a-44e0-96f6-311a3fd2115c // VULHUB: VHN-145813

IOT TAXONOMY

category: ['ICS'] // sub_category: -

Trust: 0.8

sources: IVD: d41de96e-852a-44e0-96f6-311a3fd2115c // CNVD: CNVD-2019-31662

AFFECTED PRODUCTS

vendor: siemens // model: sinema remote connect server // scope: eq // version: 2.0

Trust: 1.0

vendor: siemens // model: sinema remote connect server // scope: lte // version: 2.0

Trust: 1.0

vendor: siemens // model: sinema remote connect server // scope: lt // version: 2.0 sp1

Trust: 0.8

vendor: siemens // model: sinema remote connect server sp1 // scope: lt // version: v2.0

Trust: 0.6

vendor: sinema remote connect server // model: - // scope: eq // version: *

Trust: 0.2

vendor: sinema remote connect server // model: - // scope: eq // version: 2.0

Trust: 0.2

sources: IVD: d41de96e-852a-44e0-96f6-311a3fd2115c // CNVD: CNVD-2019-31662 // JVNDB: JVNDB-2019-009303 // NVD: CVE-2019-13919

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13919
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-13919
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-31662
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201909-688
value: MEDIUM

Trust: 0.6

IVD: d41de96e-852a-44e0-96f6-311a3fd2115c
value: MEDIUM

Trust: 0.2

VULHUB: VHN-145813
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-13919
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-31662
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: d41de96e-852a-44e0-96f6-311a3fd2115c
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-145813
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-13919
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2019-13919
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: d41de96e-852a-44e0-96f6-311a3fd2115c // CNVD: CNVD-2019-31662 // VULHUB: VHN-145813 // JVNDB: JVNDB-2019-009303 // CNNVD: CNNVD-201909-688 // NVD: CVE-2019-13919

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-284

Trust: 1.0

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-145813 // JVNDB: JVNDB-2019-009303 // NVD: CVE-2019-13919

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-688

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201909-688

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009303

PATCH

title: SSA-884497 // url: https://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf

Trust: 0.8

title: Patch for Siemens SINEMA Remote Connect Server Unprivileged User Access Vulnerability // url: https://www.cnvd.org.cn/patchInfo/show/180405

Trust: 0.6

title: SINEMA Remote Connect Server Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98254

Trust: 0.6

sources: CNVD: CNVD-2019-31662 // JVNDB: JVNDB-2019-009303 // CNNVD: CNNVD-201909-688

EXTERNAL IDS

db: NVD // id: CVE-2019-13919

Trust: 3.3

db: SIEMENS // id: SSA-884497

Trust: 2.3

db: CNNVD // id: CNNVD-201909-688

Trust: 0.9

db: CNVD // id: CNVD-2019-31662

Trust: 0.8

db: JVNDB // id: JVNDB-2019-009303

Trust: 0.8

db: IVD // id: D41DE96E-852A-44E0-96F6-311A3FD2115C

Trust: 0.2

db: VULHUB // id: VHN-145813

Trust: 0.1

sources: IVD: d41de96e-852a-44e0-96f6-311a3fd2115c // CNVD: CNVD-2019-31662 // VULHUB: VHN-145813 // JVNDB: JVNDB-2019-009303 // CNNVD: CNNVD-201909-688 // NVD: CVE-2019-13919

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-13919

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13919

Trust: 0.8

sources: CNVD: CNVD-2019-31662 // VULHUB: VHN-145813 // JVNDB: JVNDB-2019-009303 // CNNVD: CNNVD-201909-688 // NVD: CVE-2019-13919

SOURCES

db: IVD // id: d41de96e-852a-44e0-96f6-311a3fd2115c
db: CNVD // id: CNVD-2019-31662
db: VULHUB // id: VHN-145813
db: JVNDB // id: JVNDB-2019-009303
db: CNNVD // id: CNNVD-201909-688
db: NVD // id: CVE-2019-13919

LAST UPDATE DATE

2024-08-14T13:55:08.394000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2019-31662 // date: 2019-09-16T00:00:00
db: VULHUB // id: VHN-145813 // date: 2021-11-02T00:00:00
db: JVNDB // id: JVNDB-2019-009303 // date: 2019-09-18T00:00:00
db: CNNVD // id: CNNVD-201909-688 // date: 2021-11-03T00:00:00
db: NVD // id: CVE-2019-13919 // date: 2021-11-02T20:02:56.487

SOURCES RELEASE DATE

db: IVD // id: d41de96e-852a-44e0-96f6-311a3fd2115c // date: 2019-09-16T00:00:00
db: CNVD // id: CNVD-2019-31662 // date: 2019-09-16T00:00:00
db: VULHUB // id: VHN-145813 // date: 2019-09-13T00:00:00
db: JVNDB // id: JVNDB-2019-009303 // date: 2019-09-18T00:00:00
db: CNNVD // id: CNNVD-201909-688 // date: 2019-09-13T00:00:00
db: NVD // id: CVE-2019-13919 // date: 2019-09-13T17:15:11.803