cvelistv5 - CVE-2019-19299

CVE-2019-19299 (GCVE-0-2019-19299)

Vulnerability from cvelistv5

Published

2020-03-10 19:16

Modified

2024-08-05 02:16

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C

CWE

CWE-326 - Inadequate Encryption Strength

Summary

A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0 < V5.0.2), SiNVR/SiVMS Video Server (All versions >= V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server applies weak cryptography when exposing device (camera) passwords. This could allow an unauthenticated remote attacker to read and decrypt the passwords and conduct further attacks.

References

URL

Tags

	productcert@siemens.com	https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf	Mitigation, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf	Mitigation, Vendor Advisory

Impacted products

Vendor

Product

Version

Siemens

SiNVR/SiVMS Video Server

Version: All versions < V5.0.0

	Siemens	SiNVR/SiVMS Video Server	Version: All versions >= V5.0.0 < V5.0.2
	Siemens	SiNVR/SiVMS Video Server	Version: All versions >= V5.0.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:16:46.835Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SiNVR/SiVMS Video Server",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.0.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SiNVR/SiVMS Video Server",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V5.0.0 \u003c V5.0.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SiNVR/SiVMS Video Server",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V5.0.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0), SiNVR/SiVMS Video Server (All versions \u003e= V5.0.0 \u003c V5.0.2), SiNVR/SiVMS Video Server (All versions \u003e= V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\napplies weak cryptography when exposing device (camera) passwords.\nThis could allow an unauthenticated remote attacker to read and decrypt\nthe passwords and conduct further attacks."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-326",
              "description": "CWE-326: Inadequate Encryption Strength",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-09T09:56:29.166Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2019-19299",
    "datePublished": "2020-03-10T19:16:17",
    "dateReserved": "2019-11-26T00:00:00",
    "dateUpdated": "2024-08-05T02:16:46.835Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-19299\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2020-03-10T20:15:19.820\",\"lastModified\":\"2024-11-21T04:34:31.543\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0), SiNVR/SiVMS Video Server (All versions \u003e= V5.0.0 \u003c V5.0.2), SiNVR/SiVMS Video Server (All versions \u003e= V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\\napplies weak cryptography when exposing device (camera) passwords.\\nThis could allow an unauthenticated remote attacker to read and decrypt\\nthe passwords and conduct further attacks.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en SiNVR/SiVMS Video Server (Todas las versiones). El servicio de streaming (puerto por defecto 5410/tcp) de SiVMS/SiNVR Video Server aplica una criptograf\u00eda d\u00e9bil al exponer las contrase\u00f1as de los dispositivos (c\u00e1maras). Esto podr\u00eda permitir a un atacante remoto no autentificado leer y descifrar las contrase\u00f1as y realizar otros ataques\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-326\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-326\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinvr\\\\/sivms_video_server:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.0.2\",\"matchCriteriaId\":\"3A3D1C93-5285-4BA1-9817-B2157CC3A001\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}"
  }
}

ghsa-2xrj-wrq4-ff74

Vulnerability from github

Published

2022-05-24 17:10

Modified

2022-05-24 17:10

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The streaming service (default port 5410/tcp) of the SiNVR 3 Video Server applies weak cryptography when exposing device (camera) passwords. This could allow an unauthenticated remote attacker to read and decrypt the passwords and conduct further attacks.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-19299"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326",
      "CWE-327"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-03-10T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The streaming service (default port 5410/tcp) of the SiNVR 3 Video Server applies weak cryptography when exposing device (camera) passwords. This could allow an unauthenticated remote attacker to read and decrypt the passwords and conduct further attacks.",
  "id": "GHSA-2xrj-wrq4-ff74",
  "modified": "2022-05-24T17:10:37Z",
  "published": "2022-05-24T17:10:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19299"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2019-19299

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server applies weak cryptography when exposing device (camera) passwords. This could allow an unauthenticated remote attacker to read and decrypt the passwords and conduct further attacks.

Aliases

CVE-2019-19299

Aliases

CVE-2019-19299

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-19299",
    "description": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server applies weak cryptography when exposing device (camera) passwords. This could allow an unauthenticated remote attacker to read and decrypt the passwords and conduct further attacks.",
    "id": "GSD-2019-19299"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-19299"
      ],
      "details": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server applies weak cryptography when exposing device (camera) passwords. This could allow an unauthenticated remote attacker to read and decrypt the passwords and conduct further attacks.",
      "id": "GSD-2019-19299",
      "modified": "2023-12-13T01:23:54.026678Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "ID": "CVE-2019-19299",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SiNVR/SiVMS Video Server",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.0.0"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003e= V5.0.0 \u003c V5.0.2"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003e= V5.0.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Siemens"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0), SiNVR/SiVMS Video Server (All versions \u003e= V5.0.0 \u003c V5.0.2), SiNVR/SiVMS Video Server (All versions \u003e= V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\napplies weak cryptography when exposing device (camera) passwords.\nThis could allow an unauthenticated remote attacker to read and decrypt\nthe passwords and conduct further attacks."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-326",
                "lang": "eng",
                "value": "CWE-326: Inadequate Encryption Strength"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf",
            "refsource": "MISC",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:siemens:sinvr\\/sivms_video_server:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3A3D1C93-5285-4BA1-9817-B2157CC3A001",
                    "versionEndIncluding": "5.0.2",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0), SiNVR/SiVMS Video Server (All versions \u003e= V5.0.0 \u003c V5.0.2), SiNVR/SiVMS Video Server (All versions \u003e= V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\napplies weak cryptography when exposing device (camera) passwords.\nThis could allow an unauthenticated remote attacker to read and decrypt\nthe passwords and conduct further attacks."
          },
          {
            "lang": "es",
            "value": "Se ha identificado una vulnerabilidad en SiNVR/SiVMS Video Server (Todas las versiones). El servicio de streaming (puerto por defecto 5410/tcp) de SiVMS/SiNVR Video Server aplica una criptograf\u00eda d\u00e9bil al exponer las contrase\u00f1as de los dispositivos (c\u00e1maras). Esto podr\u00eda permitir a un atacante remoto no autentificado leer y descifrar las contrase\u00f1as y realizar otros ataques"
          }
        ],
        "id": "CVE-2019-19299",
        "lastModified": "2024-01-09T10:15:13.980",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "MEDIUM",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "integrityImpact": "NONE",
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              "exploitabilityScore": 10.0,
              "impactScore": 2.9,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "productcert@siemens.com",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Secondary"
            }
          ]
        },
        "published": "2020-03-10T20:15:19.820",
        "references": [
          {
            "source": "productcert@siemens.com",
            "tags": [
              "Mitigation",
              "Vendor Advisory"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
          }
        ],
        "sourceIdentifier": "productcert@siemens.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-326"
              }
            ],
            "source": "productcert@siemens.com",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-326"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

CERTFR-2020-AVI-132

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SiNVR 3 Central Control Server (CCS)
Siemens	N/A	SINUMERIK 840D
Siemens	N/A	Spectrum Power 5 versions antérieures à v5.50 HF02
Siemens	N/A	SiNVR 3 Video Server
Siemens	N/A	SIMATIC S7-300 versions antérieures à V3.X.17

References

Title

Publication Time

Tags

Bulletin de sécurité SIemens ssa-508982 du 10 mars 2020	None	vendor-advisory
Bulletin de sécurité SIemens ssa-844761 du 10 mars 2020	None	vendor-advisory
Bulletin de sécurité SIemens ssa-938930 du 10 mars 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-508982 du 10 mars 2020	-	other
Bulletin de sécurité Siemens ssa-844761 du 10 mars 2020	-	other
Bulletin de sécurité Siemens ssa-938930 du 10 mars 2020	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SiNVR 3 Central Control Server (CCS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK 840D",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Spectrum Power 5 versions ant\u00e9rieures \u00e0 v5.50 HF02",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SiNVR 3 Video Server",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-300 versions ant\u00e9rieures \u00e0 V3.X.17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-19290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19290"
    },
    {
      "name": "CVE-2019-18336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18336"
    },
    {
      "name": "CVE-2020-7579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7579"
    },
    {
      "name": "CVE-2019-19292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19292"
    },
    {
      "name": "CVE-2019-19299",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19299"
    },
    {
      "name": "CVE-2019-19295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19295"
    },
    {
      "name": "CVE-2019-19294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19294"
    },
    {
      "name": "CVE-2019-19298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19298"
    },
    {
      "name": "CVE-2019-19291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19291"
    },
    {
      "name": "CVE-2019-19293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19293"
    },
    {
      "name": "CVE-2019-19297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19297"
    },
    {
      "name": "CVE-2019-19296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19296"
    }
  ],
  "initial_release_date": "2020-03-10T00:00:00",
  "last_revision_date": "2020-03-10T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-508982 du 10 mars 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-508982.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-844761 du 10 mars 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-938930 du 10 mars 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-938930.pdf"
    }
  ],
  "reference": "CERTFR-2020-AVI-132",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-03-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SIemens ssa-508982 du 10 mars 2020",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SIemens ssa-844761 du 10 mars 2020",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SIemens ssa-938930 du 10 mars 2020",
      "url": null
    }
  ]
}

CERTFR-2021-AVI-255

Vulnerability from certfr_avis

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	LOGO! Soft Comfort toutes versions
Siemens	N/A	Siveillance Video Open Network Bridge:2019 R2
Siemens	N/A	Solid Edge SE2021 versions antérieures à SE2021MP4
Siemens	N/A	SIMATIC NET CP 443-1 Advanced (incl. SIPLUSvariants) versions antérieures à V3.2.9
Siemens	N/A	Siveillance Video Open Network Bridge:2019 R3
Siemens	N/A	Nucleus NET versions antérieures à 5.2
Siemens	N/A	TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUSNET variants) versions antérieures à V2.6.0
Siemens	N/A	SiNVR/SiVMS Video Server toutes versions
Siemens	N/A	Nucleus RTOS versions contenant le module DNS affecté
Siemens	N/A	SIMATIC NET CP 343-1 Advanced (incl. SIPLUSvariants) versions antérieures à V3.0.44
Siemens	N/A	Solid Edge SE2020 toutes versions
Siemens	N/A	SIMATIC NET CP 343-1 Lean (incl. SIPLUS vari-ants) versions antérieures à V3.1.1
Siemens	N/A	SIMATIC NET CP 443-5 Basic (incl. SIPLUS vari-ants) toutes versions
Siemens	N/A	Opcenter Quality versions antérieures à 12.2
Siemens	N/A	Siveillance Video Open Network Bridge:2019 R1
Siemens	N/A	SIMATIC NET CP 443-5 Extended toutes versions
Siemens	N/A	VSTAR versions contenant le module DNS affecté
Siemens	N/A	Control Center Server (CCS) toutes versions
Siemens	N/A	TIM 4R-IE (incl. SIPLUS NET variants) toutes versions
Siemens	N/A	Siveillance Video Open Network Bridge:2020 R1
Siemens	N/A	SINEMA Remote Connect Server versions antérieures à 3.0
Siemens	N/A	Siveillance Video Open Network Bridge:2020 R2
Siemens	N/A	SIMATIC NET CP 343-1 Standard (incl. SIPLUSvariants) versions antérieures à V3.1.1
Siemens	N/A	SIMATIC NET CP 443-1 Standard (incl. SIPLUSvariants) versions antérieures à V3.2.9
Siemens	N/A	SIMATIC NET CP 342-5 (incl. SIPLUS variants) toutes versions
Siemens	N/A	Siveillance Video Open Network Bridge:2018 R2
Siemens	N/A	Nucleus ReadyStart toutes versions
Siemens	N/A	Nucleus 4 versions antérieures à 4.1.0
Siemens	N/A	Siveillance Video Open Network Bridge:2018 R3
Siemens	N/A	QMS Automotive versions antérieures à 12.30
Siemens	N/A	Tecnomatix RobotExpert versions antérieures à 16.1
Siemens	N/A	TIM 3V-IE DNP3 (incl. SIPLUS NET variants) versions antérieures à V3.1.0
Siemens	N/A	Siveillance Video Open Network Bridge:2020 R3
Siemens	N/A	Nucleus Source Code versions contenant le module DNS affecté
Siemens	N/A	TIM 4R-IE DNP3 (incl. SIPLUS NET variants) toutes versions
Siemens	N/A	SIMOTICS CONNECT 400 toutes verions

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-788287 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-248289 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-853866 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-185699 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-983300 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-844761 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-163226 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-763427 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-497656 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-761617 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-669158 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-574442 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-705111 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-292794 du 13 avril 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-761844 du 13 avril 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "LOGO! Soft Comfort toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siveillance Video Open Network Bridge:2019 R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Solid Edge SE2021 versions ant\u00e9rieures \u00e0 SE2021MP4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET CP 443-1 Advanced (incl. SIPLUSvariants) versions ant\u00e9rieures \u00e0 V3.2.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siveillance Video Open Network Bridge:2019 R3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Nucleus NET versions ant\u00e9rieures \u00e0 5.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUSNET variants) versions ant\u00e9rieures \u00e0 V2.6.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SiNVR/SiVMS Video Server toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Nucleus RTOS versions contenant le module DNS affect\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET CP 343-1 Advanced (incl. SIPLUSvariants) versions ant\u00e9rieures \u00e0 V3.0.44",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Solid Edge SE2020 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET CP 343-1 Lean (incl. SIPLUS vari-ants) versions ant\u00e9rieures \u00e0 V3.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET CP 443-5 Basic (incl. SIPLUS vari-ants) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Opcenter Quality versions ant\u00e9rieures \u00e0 12.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siveillance Video Open Network Bridge:2019 R1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET CP 443-5 Extended toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "VSTAR versions contenant le module DNS affect\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Control Center Server (CCS) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIM 4R-IE (incl. SIPLUS NET variants) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siveillance Video Open Network Bridge:2020 R1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEMA Remote Connect Server versions ant\u00e9rieures \u00e0 3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siveillance Video Open Network Bridge:2020 R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET CP 343-1 Standard (incl. SIPLUSvariants) versions ant\u00e9rieures \u00e0 V3.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET CP 443-1 Standard (incl. SIPLUSvariants) versions ant\u00e9rieures \u00e0 V3.2.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET CP 342-5 (incl. SIPLUS variants) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siveillance Video Open Network Bridge:2018 R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Nucleus ReadyStart toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Nucleus 4 versions ant\u00e9rieures \u00e0 4.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siveillance Video Open Network Bridge:2018 R3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "QMS Automotive versions ant\u00e9rieures \u00e0 12.30",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Tecnomatix RobotExpert versions ant\u00e9rieures \u00e0 16.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIM 3V-IE DNP3 (incl. SIPLUS NET variants) versions ant\u00e9rieures \u00e0 V3.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siveillance Video Open Network Bridge:2020 R3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Nucleus Source Code versions contenant le module DNS affect\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIM 4R-IE DNP3 (incl. SIPLUS NET variants) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTICS CONNECT 400 toutes verions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-27009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27009"
    },
    {
      "name": "CVE-2015-7855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7855"
    },
    {
      "name": "CVE-2019-18339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18339"
    },
    {
      "name": "CVE-2016-1547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1547"
    },
    {
      "name": "CVE-2015-7973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7973"
    },
    {
      "name": "CVE-2016-4953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4953"
    },
    {
      "name": "CVE-2021-27389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27389"
    },
    {
      "name": "CVE-2021-27382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27382"
    },
    {
      "name": "CVE-2020-27736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27736"
    },
    {
      "name": "CVE-2021-27380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27380"
    },
    {
      "name": "CVE-2015-5219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5219"
    },
    {
      "name": "CVE-2016-1550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1550"
    },
    {
      "name": "CVE-2015-7977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7977"
    },
    {
      "name": "CVE-2015-7705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7705"
    },
    {
      "name": "CVE-2021-27392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27392"
    },
    {
      "name": "CVE-2019-19956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19956"
    },
    {
      "name": "CVE-2021-25663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25663"
    },
    {
      "name": "CVE-2020-15795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15795"
    },
    {
      "name": "CVE-2015-8138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8138"
    },
    {
      "name": "CVE-2016-4954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4954"
    },
    {
      "name": "CVE-2021-25664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25664"
    },
    {
      "name": "CVE-2020-25243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25243"
    },
    {
      "name": "CVE-2015-7974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7974"
    },
    {
      "name": "CVE-2015-8214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8214"
    },
    {
      "name": "CVE-2019-19299",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19299"
    },
    {
      "name": "CVE-2020-28385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28385"
    },
    {
      "name": "CVE-2021-25678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25678"
    },
    {
      "name": "CVE-2020-7595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7595"
    },
    {
      "name": "CVE-2021-27393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27393"
    },
    {
      "name": "CVE-2020-25244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25244"
    },
    {
      "name": "CVE-2019-18340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18340"
    },
    {
      "name": "CVE-2021-25670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25670"
    },
    {
      "name": "CVE-2015-7979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7979"
    },
    {
      "name": "CVE-2015-7871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7871"
    },
    {
      "name": "CVE-2020-27738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27738"
    },
    {
      "name": "CVE-2019-19298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19298"
    },
    {
      "name": "CVE-2020-26997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26997"
    },
    {
      "name": "CVE-2019-19291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19291"
    },
    {
      "name": "CVE-2020-27737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27737"
    },
    {
      "name": "CVE-2019-19297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19297"
    },
    {
      "name": "CVE-2016-1548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1548"
    },
    {
      "name": "CVE-2021-25677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25677"
    },
    {
      "name": "CVE-2019-19296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19296"
    }
  ],
  "initial_release_date": "2021-04-14T00:00:00",
  "last_revision_date": "2021-04-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-255",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-04-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-788287 du 13 avril 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-788287.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-248289 du 13 avril 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-853866 du 13 avril 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-853866.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-185699 du 13 avril 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-185699.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-983300 du 13 avril 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-983300.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-844761 du 13 avril 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-163226 du 13 avril 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163226.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-763427 du 13 avril 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-497656 du 13 avril 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-761617 du 13 avril 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-669158 du 13 avril 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-574442 du 13 avril 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-705111 du 13 avril 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-292794 du 13 avril 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-761844 du 13 avril 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
    }
  ]
}

var-202003-0783

Vulnerability from variot

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0783",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "sinvr\\/sivms video server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.0.2"
      },
      {
        "model": "sinvr 3 central control server",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinvr 3 video server",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinvr central control server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "3"
      },
      {
        "model": "sinvr video server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinvr 3 central control server",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinvr 3 video server",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "77ee1268-bac6-41f9-824c-d972ffbaaf3b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17012"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014867"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19299"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:siemens:sinvr_3_central_control_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:siemens:sinvr_3_video_server",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014867"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens reported these vulnerabilities to CISA.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-497"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-19299",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-19299",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-014867",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-17012",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "77ee1268-bac6-41f9-824c-d972ffbaaf3b",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-19299",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-014867",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-19299",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2019-19299",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2019-014867",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-17012",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202003-497",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "77ee1268-bac6-41f9-824c-d972ffbaaf3b",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "77ee1268-bac6-41f9-824c-d972ffbaaf3b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17012"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014867"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-497"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19299"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19299"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0), SiNVR/SiVMS Video Server (All versions \u003e= V5.0.0 \u003c V5.0.2), SiNVR/SiVMS Video Server (All versions \u003e= V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\napplies weak cryptography when exposing device (camera) passwords. \nThis could allow an unauthenticated remote attacker to read and decrypt\nthe passwords and conduct further attacks. SiNVR 3 is a video management platform",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-19299"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014867"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17012"
      },
      {
        "db": "IVD",
        "id": "77ee1268-bac6-41f9-824c-d972ffbaaf3b"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-19299",
        "trust": 3.2
      },
      {
        "db": "SIEMENS",
        "id": "SSA-844761",
        "trust": 1.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-070-01",
        "trust": 1.4
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17012",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-497",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014867",
        "trust": 0.8
      },
      {
        "db": "NSFOCUS",
        "id": "46121",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "77EE1268-BAC6-41F9-824C-D972FFBAAF3B",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "77ee1268-bac6-41f9-824c-d972ffbaaf3b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17012"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014867"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-497"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19299"
      }
    ]
  },
  "id": "VAR-202003-0783",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "77ee1268-bac6-41f9-824c-d972ffbaaf3b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17012"
      }
    ],
    "trust": 1.454873825
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "77ee1268-bac6-41f9-824c-d972ffbaaf3b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17012"
      }
    ]
  },
  "last_update_date": "2024-11-23T19:55:20.904000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-844761",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
      },
      {
        "title": "Patch for Siemens SiNVR 3 Weak Password Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/208733"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-17012"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014867"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-326",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014867"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19299"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19299"
      },
      {
        "trust": 1.6,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
      },
      {
        "trust": 1.4,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-070-01"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19299"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-070-01"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/46121"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-17012"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014867"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-497"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19299"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "77ee1268-bac6-41f9-824c-d972ffbaaf3b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17012"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014867"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-497"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19299"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-10T00:00:00",
        "db": "IVD",
        "id": "77ee1268-bac6-41f9-824c-d972ffbaaf3b"
      },
      {
        "date": "2020-03-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-17012"
      },
      {
        "date": "2020-03-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014867"
      },
      {
        "date": "2020-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-497"
      },
      {
        "date": "2020-03-10T20:15:19.820000",
        "db": "NVD",
        "id": "CVE-2019-19299"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-17012"
      },
      {
        "date": "2020-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014867"
      },
      {
        "date": "2022-05-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-497"
      },
      {
        "date": "2024-11-21T04:34:31.543000",
        "db": "NVD",
        "id": "CVE-2019-19299"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-497"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens SiNVR 3 Weak password vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "77ee1268-bac6-41f9-824c-d972ffbaaf3b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-17012"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-497"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2019-19299

Vulnerability from fkie_nvd

Published

2020-03-10 20:15

Modified

2024-11-21 04:34

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	productcert@siemens.com	https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf	Mitigation, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf	Mitigation, Vendor Advisory

Impacted products

	Vendor	Product	Version
	siemens	sinvr\/sivms_video_server	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:sinvr\\/sivms_video_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3D1C93-5285-4BA1-9817-B2157CC3A001",
              "versionEndIncluding": "5.0.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0), SiNVR/SiVMS Video Server (All versions \u003e= V5.0.0 \u003c V5.0.2), SiNVR/SiVMS Video Server (All versions \u003e= V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\napplies weak cryptography when exposing device (camera) passwords.\nThis could allow an unauthenticated remote attacker to read and decrypt\nthe passwords and conduct further attacks."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en SiNVR/SiVMS Video Server (Todas las versiones). El servicio de streaming (puerto por defecto 5410/tcp) de SiVMS/SiNVR Video Server aplica una criptograf\u00eda d\u00e9bil al exponer las contrase\u00f1as de los dispositivos (c\u00e1maras). Esto podr\u00eda permitir a un atacante remoto no autentificado leer y descifrar las contrase\u00f1as y realizar otros ataques"
    }
  ],
  "id": "CVE-2019-19299",
  "lastModified": "2024-11-21T04:34:31.543",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "productcert@siemens.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-03-10T20:15:19.820",
  "references": [
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-326"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-326"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

cnvd-2020-17012

Vulnerability from cnvd

Title

Siemens SiNVR 3 弱密码漏洞

Description

SiNVR 3是一个视频管理平台。Central Control Server (CCS)是中央控制服务器，Video Server是视频服务器。 SiNVR 3在实现中存在弱密码漏洞，远程攻击者可利用此漏洞读取并解密密码。

Severity

中

Patch Name

Siemens SiNVR 3 弱密码漏洞的补丁

Patch Description

SiNVR 3是一个视频管理平台。Central Control Server (CCS)是中央控制服务器，Video Server是视频服务器。 SiNVR 3在实现中存在弱密码漏洞，远程攻击者可利用此漏洞读取并解密密码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布相关修复方案，请及时更新： https://nvd.nist.gov/vuln/detail/CVE-2019-19299

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-19299

Impacted products

Name
['Siemens SiNVR 3 Central Control Server (CCS)', 'Siemens SiNVR 3 Video Server']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-19299"
    }
  },
  "description": "SiNVR 3\u662f\u4e00\u4e2a\u89c6\u9891\u7ba1\u7406\u5e73\u53f0\u3002Central Control Server (CCS)\u662f\u4e2d\u592e\u63a7\u5236\u670d\u52a1\u5668\uff0cVideo Server\u662f\u89c6\u9891\u670d\u52a1\u5668\u3002   \n\nSiNVR 3\u5728\u5b9e\u73b0\u4e2d\u5b58\u5728\u5f31\u5bc6\u7801\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u8bfb\u53d6\u5e76\u89e3\u5bc6\u5bc6\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u76f8\u5173\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u53ca\u65f6\u66f4\u65b0\uff1a\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19299",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-17012",
  "openTime": "2020-03-13",
  "patchDescription": "SiNVR 3\u662f\u4e00\u4e2a\u89c6\u9891\u7ba1\u7406\u5e73\u53f0\u3002Central Control Server (CCS)\u662f\u4e2d\u592e\u63a7\u5236\u670d\u52a1\u5668\uff0cVideo Server\u662f\u89c6\u9891\u670d\u52a1\u5668\u3002   \r\n\r\nSiNVR 3\u5728\u5b9e\u73b0\u4e2d\u5b58\u5728\u5f31\u5bc6\u7801\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u8bfb\u53d6\u5e76\u89e3\u5bc6\u5bc6\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens SiNVR 3 \u5f31\u5bc6\u7801\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens SiNVR 3 Central Control Server (CCS)",
      "Siemens SiNVR 3 Video Server"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-19299",
  "serverity": "\u4e2d",
  "submitTime": "2020-03-12",
  "title": "Siemens SiNVR 3 \u5f31\u5bc6\u7801\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2019-19299 (GCVE-0-2019-19299)

Vulnerability from cvelistv5

ghsa-2xrj-wrq4-ff74

Vulnerability from github

gsd-2019-19299

Vulnerability from gsd

CERTFR-2020-AVI-132

Vulnerability from certfr_avis

Solution

CERTFR-2021-AVI-255

Vulnerability from certfr_avis

Solution

var-202003-0783

Vulnerability from variot

fkie_cve-2019-19299

Vulnerability from fkie_nvd

cnvd-2020-17012

Vulnerability from cnvd

Tags

Sightings

Nomenclature