Details of VAR-202109-0178

ID

VAR-202109-0178

CVE

CVE-2019-10941

TITLE

SINEMA Server Vulnerability regarding lack of authentication for critical features in

Trust: 0.8

sources: JVNDB: JVNDB-2021-011729

DESCRIPTION

A vulnerability has been identified in SINEMA Server (All versions < V14 SP3). Missing authentication for functionality that requires administrative user identity could allow an attacker to obtain encoded system configuration backup files. This is only possible through network access to the affected system, and successful exploitation requires no system privileges. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.25

sources: NVD: CVE-2019-10941 // JVNDB: JVNDB-2021-011729 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2019-10941

AFFECTED PRODUCTS

vendor:	siemens	model:	sinema server	scope:	eq	version:	14.0	Trust: 1.0
vendor:	siemens	model:	sinema server	scope:	lt	version:	14.0	Trust: 1.0
vendor:	シーメンス	model:	sinema server	scope:	eq	version:	-	Trust: 0.8
vendor:	シーメンス	model:	sinema server	scope:	eq	version:	14 sp3	Trust: 0.8

sources: JVNDB: JVNDB-2021-011729 // NVD: CVE-2019-10941

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-10941
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-10941
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202109-948
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2019-10941
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-10941
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2019-10941
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2019-10941
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2019-10941 // JVNDB: JVNDB-2021-011729 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-948 // NVD: CVE-2019-10941

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.0
problemtype:	Lack of authentication for critical features (CWE-306) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-011729 // NVD: CVE-2019-10941

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-948

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	SSA-835377	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-835377.pdf	Trust: 0.8
title:	SINEMA Server Fixes for access control error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=162483	Trust: 0.6

sources: JVNDB: JVNDB-2021-011729 // CNNVD: CNNVD-202109-948

EXTERNAL IDS

db:	NVD	id:	CVE-2019-10941	Trust: 3.3
db:	SIEMENS	id:	SSA-835377	Trust: 1.7
db:	ICS CERT	id:	ICSA-21-257-12	Trust: 1.4
db:	JVN	id:	JVNVU96712416	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-011729	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021091615	Trust: 0.6
db:	CNNVD	id:	CNNVD-202109-948	Trust: 0.6
db:	VULMON	id:	CVE-2019-10941	Trust: 0.1

sources: VULMON: CVE-2019-10941 // JVNDB: JVNDB-2021-011729 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-948 // NVD: CVE-2019-10941

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-835377.pdf	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10941	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu96712416/index.html	Trust: 0.8
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-21-257-12	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-257-12	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021091615	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/306.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2019-10941 // JVNDB: JVNDB-2021-011729 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-948 // NVD: CVE-2019-10941

CREDITS

Siemens reported this vulnerability to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202109-948

SOURCES

db:	VULMON	id:	CVE-2019-10941
db:	JVNDB	id:	JVNDB-2021-011729
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202109-948
db:	NVD	id:	CVE-2019-10941

LAST UPDATE DATE

2024-08-14T12:45:50.748000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2019-10941	date:	2021-09-23T00:00:00
db:	JVNDB	id:	JVNDB-2021-011729	date:	2022-08-10T02:33:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202109-948	date:	2021-09-24T00:00:00
db:	NVD	id:	CVE-2019-10941	date:	2021-09-23T15:39:30.350

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2019-10941	date:	2021-09-14T00:00:00
db:	JVNDB	id:	JVNDB-2021-011729	date:	2022-08-10T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202109-948	date:	2021-09-14T00:00:00
db:	NVD	id:	CVE-2019-10941	date:	2021-09-14T11:15:07.933