Details of VAR-201912-1177

ID

VAR-201912-1177

CVE

CVE-2019-13947

TITLE

Siemens SiNVR 3 Central Control Server (CCS) Information Disclosure Vulnerability

Trust: 0.8

sources: IVD: 4c53da3c-88e8-4cc0-99a4-89a86a1407ff // CNVD: CNVD-2019-44753

DESCRIPTION

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The user configuration menu in the web interface of the Control Center Server (CCS) transfers user passwords in clear to the client (browser). An attacker with administrative privileges for the web interface could be able to read (and not only reset) passwords of other CCS users. SiNVR is the Siemens OEM version of SiVMS, a video management solution acquired by PKE Deutsch land gmmbH and previously distributed by Schille Informationssysteme gmmbH. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.97

sources: NVD: CVE-2019-13947 // JVNDB: JVNDB-2019-013233 // CNVD: CNVD-2019-44753 // CNNVD: CNNVD-202104-975 // IVD: 4c53da3c-88e8-4cc0-99a4-89a86a1407ff // VULMON: CVE-2019-13947

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 4c53da3c-88e8-4cc0-99a4-89a86a1407ff // CNVD: CNVD-2019-44753

AFFECTED PRODUCTS

vendor:	siemens	model:	sinvr 3 central control server	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	sinvr 3 video server	scope:	eq	version:	*	Trust: 1.0
vendor:	シーメンス	model:	sinvr 3 central control server	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	sinvr 3 video server	scope:	eq	version:	-	Trust: 0.8
vendor:	siemens	model:	sinvr central control server	scope:	eq	version:	3	Trust: 0.6
vendor:	sinvr 3 central control server	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	sinvr 3 video server	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 4c53da3c-88e8-4cc0-99a4-89a86a1407ff // CNVD: CNVD-2019-44753 // JVNDB: JVNDB-2019-013233 // NVD: CVE-2019-13947

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-13947
value:	MEDIUM
Trust: 1.0
productcert@siemens.com:	CVE-2019-13947
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-13947
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-44753
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201912-420
value:	MEDIUM
Trust: 0.6
IVD:	4c53da3c-88e8-4cc0-99a4-89a86a1407ff
value:	CRITICAL
Trust: 0.2
VULMON:	CVE-2019-13947
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-13947
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-44753
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	4c53da3c-88e8-4cc0-99a4-89a86a1407ff
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2019-13947
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2019-13947
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 4c53da3c-88e8-4cc0-99a4-89a86a1407ff // CNVD: CNVD-2019-44753 // VULMON: CVE-2019-13947 // JVNDB: JVNDB-2019-013233 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-201912-420 // NVD: CVE-2019-13947 // NVD: CVE-2019-13947

PROBLEMTYPE DATA

problemtype:	CWE-312	Trust: 1.0
problemtype:	CWE-317	Trust: 1.0
problemtype:	Plaintext storage of important information (CWE-312) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2019-013233 // NVD: CVE-2019-13947

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-420

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-201912-420

PATCH

title:	SSA-761617	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf	Trust: 0.8
title:	Patch for Siemens SiNVR 3 Central Control Server (CCS) Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/193665	Trust: 0.6
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=03dd7efb196bdf8da925c4ca8f3d02f6	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=98fa33ab2106a639337b5db77c71e637	Trust: 0.1

sources: CNVD: CNVD-2019-44753 // VULMON: CVE-2019-13947 // JVNDB: JVNDB-2019-013233

EXTERNAL IDS

db:	NVD	id:	CVE-2019-13947	Trust: 3.3
db:	SIEMENS	id:	SSA-761617	Trust: 2.3
db:	SIEMENS	id:	SSA-761844	Trust: 1.7
db:	ICS CERT	id:	ICSA-19-344-02	Trust: 1.4
db:	CNVD	id:	CNVD-2019-44753	Trust: 0.8
db:	CNNVD	id:	CNNVD-201912-420	Trust: 0.8
db:	JVN	id:	JVNVU96269392	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-013233	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	ICS CERT	id:	ICSA-21-103-10	Trust: 0.6
db:	CS-HELP	id:	SB2021041517	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4625	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1240	Trust: 0.6
db:	IVD	id:	4C53DA3C-88E8-4CC0-99A4-89A86A1407FF	Trust: 0.2
db:	VULMON	id:	CVE-2019-13947	Trust: 0.1

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf	Trust: 2.3
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13947	Trust: 1.4
url:	https://www.us-cert.gov/ics/advisories/icsa-19-344-02	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu96269392/index.html	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-103-10	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1240	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4625/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041517	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/317.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://cert-portal.siemens.com/productcert/txt/ssa-761844.txt	Trust: 0.1

sources: CNVD: CNVD-2019-44753 // VULMON: CVE-2019-13947 // JVNDB: JVNDB-2019-013233 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-201912-420 // NVD: CVE-2019-13947

SOURCES

db:	IVD	id:	4c53da3c-88e8-4cc0-99a4-89a86a1407ff
db:	CNVD	id:	CNVD-2019-44753
db:	VULMON	id:	CVE-2019-13947
db:	JVNDB	id:	JVNDB-2019-013233
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-201912-420
db:	NVD	id:	CVE-2019-13947

LAST UPDATE DATE

2024-08-14T13:04:36.590000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-44753	date:	2019-12-11T00:00:00
db:	VULMON	id:	CVE-2019-13947	date:	2021-04-22T00:00:00
db:	JVNDB	id:	JVNDB-2019-013233	date:	2021-04-16T09:14:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-201912-420	date:	2021-08-16T00:00:00
db:	NVD	id:	CVE-2019-13947	date:	2024-01-09T10:15:08.820

SOURCES RELEASE DATE

db:	IVD	id:	4c53da3c-88e8-4cc0-99a4-89a86a1407ff	date:	2019-12-11T00:00:00
db:	CNVD	id:	CNVD-2019-44753	date:	2019-12-11T00:00:00
db:	VULMON	id:	CVE-2019-13947	date:	2019-12-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-013233	date:	2019-12-23T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-201912-420	date:	2019-12-10T00:00:00
db:	NVD	id:	CVE-2019-13947	date:	2019-12-12T19:15:15.327