ID
VAR-201912-1831
CVE
CVE-2019-18342
TITLE
SiNVR 3 Central Control Server and Video Server Input verification vulnerability in
Trust: 0.8
sources:
JVNDB: JVNDB-2019-013202
DESCRIPTION
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) does not properly limit its capabilities to the specified purpose. In conjunction with CVE-2019-18341, an unauthenticated remote attacker with network access to the CCS server could exploit this vulnerability to read or delete arbitrary files, or access other resources on the same server. (DoS) It may be in a state. SiNVR is the Siemens OEM version of SiVMS, a video management solution acquired by PKE Deutsch land gmmbH and previously distributed by Schille Informationssysteme gmmbH. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Trust: 2.97
sources:
NVD: CVE-2019-18342 //
JVNDB: JVNDB-2019-013202 //
CNVD: CNVD-2019-44751 //
CNNVD: CNNVD-202104-975 //
IVD: 9da5a9cd-5252-440f-a8c2-d5d9c8d2e96e //
VULMON: CVE-2019-18342
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.8 |
sources:
IVD: 9da5a9cd-5252-440f-a8c2-d5d9c8d2e96e //
CNVD: CNVD-2019-44751
AFFECTED PRODUCTS
| vendor: | siemens | model: | control center server | scope: | lt | version: | 1.5.0 | Trust: 1.0 |
| vendor: | シーメンス | model: | sinvr 3 video server | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | sinvr 3 central control server | scope: | - | version: | - | Trust: 0.8 |
| vendor: | siemens | model: | sinvr central control server | scope: | eq | version: | 3 | Trust: 0.6 |
| vendor: | sinvr 3 central control server | model: | - | scope: | eq | version: | * | Trust: 0.2 |
| vendor: | sinvr 3 video server | model: | - | scope: | eq | version: | * | Trust: 0.2 |
sources:
IVD: 9da5a9cd-5252-440f-a8c2-d5d9c8d2e96e //
CNVD: CNVD-2019-44751 //
JVNDB: JVNDB-2019-013202 //
NVD: CVE-2019-18342
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
IVD: 9da5a9cd-5252-440f-a8c2-d5d9c8d2e96e //
CNVD: CNVD-2019-44751 //
VULMON: CVE-2019-18342 //
JVNDB: JVNDB-2019-013202 //
CNNVD: CNNVD-202104-975 //
CNNVD: CNNVD-201912-422 //
NVD: CVE-2019-18342 //
NVD: CVE-2019-18342
PROBLEMTYPE DATA
| problemtype: | CWE-749 | Trust: 1.0 |
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
| problemtype: | Inappropriate input confirmation (CWE-20) [NVD evaluation ] | Trust: 0.8 |
sources:
JVNDB: JVNDB-2019-013202 //
NVD: CVE-2019-18342
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201912-422
TYPE
other
Trust: 1.2
sources:
CNNVD: CNNVD-202104-975 //
CNNVD: CNNVD-201912-422
PATCH
| title: | SSA-761617 | url: | https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf | Trust: 0.8 |
| title: | Patch for Siemens SiNVR 3 Central Control Server (CCS) Privilege Escalation Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/193681 | Trust: 0.6 |
| title: | Siemens Security Advisories: Siemens Security Advisory | url: | https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=03dd7efb196bdf8da925c4ca8f3d02f6 | Trust: 0.1 |
| title: | Siemens Security Advisories: Siemens Security Advisory | url: | https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=98fa33ab2106a639337b5db77c71e637 | Trust: 0.1 |
sources:
CNVD: CNVD-2019-44751 //
VULMON: CVE-2019-18342 //
JVNDB: JVNDB-2019-013202
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-18342 | Trust: 4.1 |
| db: | SIEMENS | id: | SSA-761617 | Trust: 2.3 |
| db: | SIEMENS | id: | SSA-761844 | Trust: 1.7 |
| db: | ICS CERT | id: | ICSA-19-344-02 | Trust: 1.4 |
| db: | CNVD | id: | CNVD-2019-44751 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201912-422 | Trust: 0.8 |
| db: | JVN | id: | JVNVU96269392 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2019-013202 | Trust: 0.8 |
| db: | CS-HELP | id: | SB2021041363 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202104-975 | Trust: 0.6 |
| db: | CS-HELP | id: | SB2021041517 | Trust: 0.6 |
| db: | ICS CERT | id: | ICSA-21-103-10 | Trust: 0.6 |
| db: | ICS CERT | id: | ICSA-19-344-01 | Trust: 0.6 |
| db: | AUSCERT | id: | ESB-2019.4625 | Trust: 0.6 |
| db: | AUSCERT | id: | ESB-2021.1240 | Trust: 0.6 |
| db: | IVD | id: | 9DA5A9CD-5252-440F-A8C2-D5D9C8D2E96E | Trust: 0.2 |
| db: | VULMON | id: | CVE-2019-18342 | Trust: 0.1 |
sources:
IVD: 9da5a9cd-5252-440f-a8c2-d5d9c8d2e96e //
CNVD: CNVD-2019-44751 //
VULMON: CVE-2019-18342 //
JVNDB: JVNDB-2019-013202 //
CNNVD: CNNVD-202104-975 //
CNNVD: CNNVD-201912-422 //
NVD: CVE-2019-18342
REFERENCES
| url: | https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf | Trust: 2.3 |
| url: | https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf | Trust: 1.7 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-18342 | Trust: 1.4 |
| url: | https://www.us-cert.gov/ics/advisories/icsa-19-344-02 | Trust: 1.4 |
| url: | https://jvn.jp/vu/jvnvu96269392/index.html | Trust: 0.8 |
| url: | https://www.cybersecurity-help.cz/vdb/sb2021041363 | Trust: 0.6 |
| url: | https://us-cert.cisa.gov/ics/advisories/icsa-21-103-10 | Trust: 0.6 |
| url: | https://www.auscert.org.au/bulletins/esb-2021.1240 | Trust: 0.6 |
| url: | https://www.auscert.org.au/bulletins/esb-2019.4625/ | Trust: 0.6 |
| url: | https://www.us-cert.gov/ics/advisories/icsa-19-344-01 | Trust: 0.6 |
| url: | https://www.cybersecurity-help.cz/vdb/sb2021041517 | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/749.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | https://cert-portal.siemens.com/productcert/txt/ssa-761844.txt | Trust: 0.1 |
sources:
CNVD: CNVD-2019-44751 //
VULMON: CVE-2019-18342 //
JVNDB: JVNDB-2019-013202 //
CNNVD: CNNVD-202104-975 //
CNNVD: CNNVD-201912-422 //
NVD: CVE-2019-18342
SOURCES
| db: | IVD | id: | 9da5a9cd-5252-440f-a8c2-d5d9c8d2e96e |
| db: | CNVD | id: | CNVD-2019-44751 |
| db: | VULMON | id: | CVE-2019-18342 |
| db: | JVNDB | id: | JVNDB-2019-013202 |
| db: | CNNVD | id: | CNNVD-202104-975 |
| db: | CNNVD | id: | CNNVD-201912-422 |
| db: | NVD | id: | CVE-2019-18342 |
LAST UPDATE DATE
2024-08-14T12:32:33.601000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2019-44751 | date: | 2019-12-11T00:00:00 |
| db: | VULMON | id: | CVE-2019-18342 | date: | 2021-04-22T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-013202 | date: | 2024-02-20T07:01:00 |
| db: | CNNVD | id: | CNNVD-202104-975 | date: | 2021-04-14T00:00:00 |
| db: | CNNVD | id: | CNNVD-201912-422 | date: | 2021-11-04T00:00:00 |
| db: | NVD | id: | CVE-2019-18342 | date: | 2024-01-09T10:15:10.690 |
SOURCES RELEASE DATE
| db: | IVD | id: | 9da5a9cd-5252-440f-a8c2-d5d9c8d2e96e | date: | 2019-12-11T00:00:00 |
| db: | CNVD | id: | CNVD-2019-44751 | date: | 2019-12-11T00:00:00 |
| db: | VULMON | id: | CVE-2019-18342 | date: | 2019-12-12T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-013202 | date: | 2019-12-23T00:00:00 |
| db: | CNNVD | id: | CNNVD-202104-975 | date: | 2021-04-13T00:00:00 |
| db: | CNNVD | id: | CNNVD-201912-422 | date: | 2019-12-10T00:00:00 |
| db: | NVD | id: | CVE-2019-18342 | date: | 2019-12-12T19:15:20.763 |