ID

VAR-202109-0178


CVE

CVE-2019-10941


TITLE

Vulnerability regarding lack of authentication for critical features in SINEMA Server

Trust: 0.8

sources: JVNDB: JVNDB-2021-011729

DESCRIPTION

A vulnerability has been identified in SINEMA Server (All versions < V14 SP3). Missing authentication for functionality that requires administrative user identity could allow an attacker to obtain encoded system configuration backup files. This is only possible through network access to the affected system, and successful exploitation requires no system privileges.

Trust: 2.25

sources: NVD: CVE-2019-10941 // JVNDB: JVNDB-2021-011729 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2019-10941

AFFECTED PRODUCTS

vendor: siemens, model: sinema server, scope: eq, version: 14.0

Trust: 1.0

vendor: siemens, model: sinema server, scope: lt, version: 14.0

Trust: 1.0

vendor: Siemens, model: sinema server, scope: eq, version: -

Trust: 0.8

vendor: Siemens, model: sinema server, scope: eq, version: 14 sp3

Trust: 0.8

sources: JVNDB: JVNDB-2021-011729 // NVD: CVE-2019-10941

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-10941
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-10941
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202109-948
value: MEDIUM

Trust: 0.6

VULMON: CVE-2019-10941
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-10941
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CVSSV3

nvd@nist.gov: CVE-2019-10941
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2019-10941
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2019-10941 // JVNDB: JVNDB-2021-011729 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-948 // NVD: CVE-2019-10941

PROBLEMTYPE DATA

problemtype: CWE-306

Trust: 1.0

problemtype: Lack of authentication for critical features (CWE-306) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-011729 // NVD: CVE-2019-10941

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-948

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: SSA-835377, url: https://cert-portal.siemens.com/productcert/pdf/ssa-835377.pdf

Trust: 0.8

title: SINEMA Server Fixes for access control error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=162483

Trust: 0.6

sources: JVNDB: JVNDB-2021-011729 // CNNVD: CNNVD-202109-948

EXTERNAL IDS

db: NVD, id: CVE-2019-10941

Trust: 3.3

db: SIEMENS, id: SSA-835377

Trust: 1.7

db: ICS CERT, id: ICSA-21-257-12

Trust: 1.4

db: JVN, id: JVNVU96712416

Trust: 0.8

db: JVNDB, id: JVNDB-2021-011729

Trust: 0.8

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021091615

Trust: 0.6

db: CNNVD, id: CNNVD-202109-948

Trust: 0.6

db: VULMON, id: CVE-2019-10941

Trust: 0.1

sources: VULMON: CVE-2019-10941 // JVNDB: JVNDB-2021-011729 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-948 // NVD: CVE-2019-10941

REFERENCES

url: https://cert-portal.siemens.com/productcert/pdf/ssa-835377.pdf

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-10941

Trust: 1.4

url: https://jvn.jp/vu/jvnvu96712416/index.html

Trust: 0.8

url: https://www.cisa.gov/uscert/ics/advisories/icsa-21-257-12

Trust: 0.8

url: https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url: https://us-cert.cisa.gov/ics/advisories/icsa-21-257-12

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021091615

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/306.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2019-10941 // JVNDB: JVNDB-2021-011729 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-948 // NVD: CVE-2019-10941

CREDITS

Siemens reported this vulnerability to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202109-948

SOURCES

db: VULMON, id: CVE-2019-10941
db: JVNDB, id: JVNDB-2021-011729
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202109-948
db: NVD, id: CVE-2019-10941

LAST UPDATE DATE

2024-08-14T12:45:50.748000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2019-10941, date: 2021-09-23T00:00:00
db: JVNDB, id: JVNDB-2021-011729, date: 2022-08-10T02:33:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202109-948, date: 2021-09-24T00:00:00
db: NVD, id: CVE-2019-10941, date: 2021-09-23T15:39:30.350

SOURCES RELEASE DATE

db: VULMON, id: CVE-2019-10941, date: 2021-09-14T00:00:00
db: JVNDB, id: JVNDB-2021-011729, date: 2022-08-10T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202109-948, date: 2021-09-14T00:00:00
db: NVD, id: CVE-2019-10941, date: 2021-09-14T11:15:07.933