Details of VAR-201912-1245

ID

VAR-201912-1245

CVE

CVE-2019-18341

TITLE

Siemens SiNVR 3 Central Control Server (CCS) Authentication Bypass Vulnerability

Trust: 0.8

sources: IVD: 461e666f-adbb-4b9e-8173-85d47e4af9fb // CNVD: CNVD-2019-44750

DESCRIPTION

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) contains an authentication bypass vulnerability. A remote attacker with network access to the CCS server could exploit this vulnerability to read data from the EDIR directory (for example, the list of all configured stations). SiNVR is the Siemens OEM version of SiVMS, a video management solution acquired by PKE Deutsch land gmmbH and previously distributed by Schille Informationssysteme gmmbH. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.97

sources: NVD: CVE-2019-18341 // JVNDB: JVNDB-2019-013201 // CNVD: CNVD-2019-44750 // CNNVD: CNNVD-202104-975 // IVD: 461e666f-adbb-4b9e-8173-85d47e4af9fb // VULMON: CVE-2019-18341

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 461e666f-adbb-4b9e-8173-85d47e4af9fb // CNVD: CNVD-2019-44750

AFFECTED PRODUCTS

vendor:	siemens	model:	sinvr 3 video server	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	sinvr 3 central control server	scope:	eq	version:	*	Trust: 1.0
vendor:	シーメンス	model:	sinvr 3 central control server	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	sinvr 3 video server	scope:	eq	version:	-	Trust: 0.8
vendor:	siemens	model:	sinvr central control server	scope:	eq	version:	3	Trust: 0.6
vendor:	sinvr 3 central control server	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	sinvr 3 video server	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 461e666f-adbb-4b9e-8173-85d47e4af9fb // CNVD: CNVD-2019-44750 // JVNDB: JVNDB-2019-013201 // NVD: CVE-2019-18341

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-18341
value:	MEDIUM
Trust: 1.0
productcert@siemens.com:	CVE-2019-18341
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-18341
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-44750
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201912-423
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
IVD:	461e666f-adbb-4b9e-8173-85d47e4af9fb
value:	MEDIUM
Trust: 0.2
VULMON:	CVE-2019-18341
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-18341
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-44750
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	461e666f-adbb-4b9e-8173-85d47e4af9fb
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2019-18341
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 2.0
NVD:	CVE-2019-18341
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 461e666f-adbb-4b9e-8173-85d47e4af9fb // CNVD: CNVD-2019-44750 // VULMON: CVE-2019-18341 // JVNDB: JVNDB-2019-013201 // CNNVD: CNNVD-201912-423 // CNNVD: CNNVD-202104-975 // NVD: CVE-2019-18341 // NVD: CVE-2019-18341

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.0
problemtype:	Improper authentication (CWE-287) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2019-013201 // NVD: CVE-2019-18341

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-423

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201912-423

PATCH

title:	SSA-761617	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf	Trust: 0.8
title:	Patch for Siemens SiNVR 3 Central Control Server (CCS) Authentication Bypass Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/193679	Trust: 0.6
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=03dd7efb196bdf8da925c4ca8f3d02f6	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=98fa33ab2106a639337b5db77c71e637	Trust: 0.1

sources: CNVD: CNVD-2019-44750 // VULMON: CVE-2019-18341 // JVNDB: JVNDB-2019-013201

EXTERNAL IDS

db:	NVD	id:	CVE-2019-18341	Trust: 3.3
db:	SIEMENS	id:	SSA-761617	Trust: 2.3
db:	SIEMENS	id:	SSA-761844	Trust: 1.7
db:	ICS CERT	id:	ICSA-19-344-02	Trust: 1.4
db:	CNVD	id:	CNVD-2019-44750	Trust: 0.8
db:	CNNVD	id:	CNNVD-201912-423	Trust: 0.8
db:	JVN	id:	JVNVU96269392	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-013201	Trust: 0.8
db:	CS-HELP	id:	SB2021041517	Trust: 0.6
db:	ICS CERT	id:	ICSA-21-103-10	Trust: 0.6
db:	ICS CERT	id:	ICSA-19-344-01	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4625	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1240	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	IVD	id:	461E666F-ADBB-4B9E-8173-85D47E4AF9FB	Trust: 0.2
db:	VULMON	id:	CVE-2019-18341	Trust: 0.1

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf	Trust: 2.3
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-18341	Trust: 1.4
url:	https://www.us-cert.gov/ics/advisories/icsa-19-344-02	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu96269392/index.html	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-103-10	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1240	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4625/	Trust: 0.6
url:	https://www.us-cert.gov/ics/advisories/icsa-19-344-01	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041517	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://cert-portal.siemens.com/productcert/txt/ssa-761844.txt	Trust: 0.1

sources: CNVD: CNVD-2019-44750 // VULMON: CVE-2019-18341 // JVNDB: JVNDB-2019-013201 // CNNVD: CNNVD-201912-423 // CNNVD: CNNVD-202104-975 // NVD: CVE-2019-18341

SOURCES

db:	IVD	id:	461e666f-adbb-4b9e-8173-85d47e4af9fb
db:	CNVD	id:	CNVD-2019-44750
db:	VULMON	id:	CVE-2019-18341
db:	JVNDB	id:	JVNDB-2019-013201
db:	CNNVD	id:	CNNVD-201912-423
db:	CNNVD	id:	CNNVD-202104-975
db:	NVD	id:	CVE-2019-18341

LAST UPDATE DATE

2024-11-23T20:02:45.729000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-44750	date:	2019-12-11T00:00:00
db:	VULMON	id:	CVE-2019-18341	date:	2021-04-22T00:00:00
db:	JVNDB	id:	JVNDB-2019-013201	date:	2021-04-16T09:16:00
db:	CNNVD	id:	CNNVD-201912-423	date:	2021-04-16T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2019-18341	date:	2024-11-21T04:33:04.987

SOURCES RELEASE DATE

db:	IVD	id:	461e666f-adbb-4b9e-8173-85d47e4af9fb	date:	2019-12-11T00:00:00
db:	CNVD	id:	CNVD-2019-44750	date:	2019-12-11T00:00:00
db:	VULMON	id:	CVE-2019-18341	date:	2019-12-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-013201	date:	2019-12-23T00:00:00
db:	CNNVD	id:	CNNVD-201912-423	date:	2019-12-10T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	NVD	id:	CVE-2019-18341	date:	2019-12-12T19:15:20.670