Sign-up

ID

VAR-201912-1241


CVE

CVE-2019-18337


TITLE

Siemens SiNVR 3 Central Control Server (CCS) Authentication Bypass Vulnerability

Trust: 0.8

sources: IVD: c8dbd2da-6c27-4851-b49a-538c492f2950 // CNVD: CNVD-2019-44754

DESCRIPTION

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. A remote attacker with network access to the CCS server could exploit this vulnerability to read the CCS users database, including the passwords of all users in obfuscated cleartext. SiNVR is the Siemens OEM version of SiVMS, a video management solution acquired by PKE Deutsch land gmmbH and previously distributed by Schille Informationssysteme gmmbH. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.97

sources: NVD: CVE-2019-18337 // JVNDB: JVNDB-2019-013203 // CNVD: CNVD-2019-44754 // CNNVD: CNNVD-202104-975 // IVD: c8dbd2da-6c27-4851-b49a-538c492f2950 // VULMON: CVE-2019-18337

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: c8dbd2da-6c27-4851-b49a-538c492f2950 // CNVD: CNVD-2019-44754

AFFECTED PRODUCTS

vendor:siemensmodel:sinvr 3 central control serverscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:sinvr 3 video serverscope:eqversion:*

Trust: 1.0

vendor:シーメンスmodel:sinvr 3 central control serverscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:sinvr 3 video serverscope:eqversion: -

Trust: 0.8

vendor:siemensmodel:sinvr central control serverscope:eqversion:3

Trust: 0.6

vendor:sinvr 3 central control servermodel: - scope:eqversion:*

Trust: 0.2

vendor:sinvr 3 video servermodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: c8dbd2da-6c27-4851-b49a-538c492f2950 // CNVD: CNVD-2019-44754 // JVNDB: JVNDB-2019-013203 // NVD: CVE-2019-18337

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18337
value: CRITICAL

Trust: 1.0

productcert@siemens.com: CVE-2019-18337
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-18337
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-44754
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201912-427
value: CRITICAL

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

IVD: c8dbd2da-6c27-4851-b49a-538c492f2950
value: MEDIUM

Trust: 0.2

VULMON: CVE-2019-18337
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-18337
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-44754
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: c8dbd2da-6c27-4851-b49a-538c492f2950
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-18337
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2019-18337
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: c8dbd2da-6c27-4851-b49a-538c492f2950 // CNVD: CNVD-2019-44754 // VULMON: CVE-2019-18337 // JVNDB: JVNDB-2019-013203 // CNNVD: CNNVD-201912-427 // CNNVD: CNNVD-202104-975 // NVD: CVE-2019-18337 // NVD: CVE-2019-18337

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:Improper authentication (CWE-287) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2019-013203 // NVD: CVE-2019-18337

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-427

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201912-427

PATCH

title:SSA-761617url:https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf

Trust: 0.8

title:Patch for Siemens SiNVR 3 Central Control Server (CCS) Authentication Bypass Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/193667

Trust: 0.6

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=03dd7efb196bdf8da925c4ca8f3d02f6

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=98fa33ab2106a639337b5db77c71e637

Trust: 0.1

sources: CNVD: CNVD-2019-44754 // VULMON: CVE-2019-18337 // JVNDB: JVNDB-2019-013203

EXTERNAL IDS

db:NVDid:CVE-2019-18337

Trust: 3.3

db:SIEMENSid:SSA-761617

Trust: 2.3

db:SIEMENSid:SSA-761844

Trust: 1.7

db:ICS CERTid:ICSA-19-344-02

Trust: 1.4

db:CNVDid:CNVD-2019-44754

Trust: 0.8

db:CNNVDid:CNNVD-201912-427

Trust: 0.8

db:JVNid:JVNVU96269392

Trust: 0.8

db:JVNDBid:JVNDB-2019-013203

Trust: 0.8

db:CS-HELPid:SB2021041517

Trust: 0.6

db:ICS CERTid:ICSA-21-103-10

Trust: 0.6

db:ICS CERTid:ICSA-19-344-01

Trust: 0.6

db:AUSCERTid:ESB-2019.4625

Trust: 0.6

db:AUSCERTid:ESB-2021.1240

Trust: 0.6

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:IVDid:C8DBD2DA-6C27-4851-B49A-538C492F2950

Trust: 0.2

db:VULMONid:CVE-2019-18337

Trust: 0.1

sources: IVD: c8dbd2da-6c27-4851-b49a-538c492f2950 // CNVD: CNVD-2019-44754 // VULMON: CVE-2019-18337 // JVNDB: JVNDB-2019-013203 // CNNVD: CNNVD-201912-427 // CNNVD: CNNVD-202104-975 // NVD: CVE-2019-18337

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf

Trust: 2.3

url:https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-18337

Trust: 1.4

url:https://www.us-cert.gov/ics/advisories/icsa-19-344-02

Trust: 1.4

url:https://jvn.jp/vu/jvnvu96269392/index.html

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-103-10

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1240

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4625/

Trust: 0.6

url:https://www.us-cert.gov/ics/advisories/icsa-19-344-01

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041517

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://cert-portal.siemens.com/productcert/txt/ssa-761844.txt

Trust: 0.1

sources: CNVD: CNVD-2019-44754 // VULMON: CVE-2019-18337 // JVNDB: JVNDB-2019-013203 // CNNVD: CNNVD-201912-427 // CNNVD: CNNVD-202104-975 // NVD: CVE-2019-18337

SOURCES

db:IVDid:c8dbd2da-6c27-4851-b49a-538c492f2950
db:CNVDid:CNVD-2019-44754
db:VULMONid:CVE-2019-18337
db:JVNDBid:JVNDB-2019-013203
db:CNNVDid:CNNVD-201912-427
db:CNNVDid:CNNVD-202104-975
db:NVDid:CVE-2019-18337

LAST UPDATE DATE

2024-08-14T12:25:58.570000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-44754date:2019-12-11T00:00:00
db:VULMONid:CVE-2019-18337date:2021-04-22T00:00:00
db:JVNDBid:JVNDB-2019-013203date:2021-04-16T09:14:00
db:CNNVDid:CNNVD-201912-427date:2021-04-16T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:NVDid:CVE-2019-18337date:2024-01-09T10:15:09.160

SOURCES RELEASE DATE

db:IVDid:c8dbd2da-6c27-4851-b49a-538c492f2950date:2019-12-11T00:00:00
db:CNVDid:CNVD-2019-44754date:2019-12-11T00:00:00
db:VULMONid:CVE-2019-18337date:2019-12-12T00:00:00
db:JVNDBid:JVNDB-2019-013203date:2019-12-23T00:00:00
db:CNNVDid:CNNVD-201912-427date:2019-12-10T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:NVDid:CVE-2019-18337date:2019-12-12T19:15:20.107