Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-19297 (GCVE-0-2019-19297)
Vulnerability from cvelistv5
Published
2020-03-10 19:16
Modified
2024-08-05 02:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server
contains a path traversal vulnerability, that could allow an
unauthenticated remote attacker to access and download arbitrary files from the server.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Siemens | SiNVR/SiVMS Video Server |
Version: All versions < V5.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SiNVR/SiVMS Video Server",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\ncontains a path traversal vulnerability, that could allow an\nunauthenticated remote attacker to access and download arbitrary files from the server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T09:56:26.734Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-19297",
"datePublished": "2020-03-10T19:16:17",
"dateReserved": "2019-11-26T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-19297\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2020-03-10T20:15:19.663\",\"lastModified\":\"2024-11-21T04:34:31.290\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\\ncontains a path traversal vulnerability, that could allow an\\nunauthenticated remote attacker to access and download arbitrary files from the server.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en SiNVR/SiVMS Video Server (Todas las versiones anteriores a V5.0.0). El servicio de streaming (puerto por defecto 5410/tcp) de SiVMS/SiNVR Video Server contiene una vulnerabilidad de path traversal, que podr\u00eda permitir a un atacante remoto no autentificado acceder y descargar archivos arbitrarios desde el servidor\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinvr_3_central_control_server:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16668E9A-2D0A-425E-87F4-18CFC50551D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinvr_3_video_server:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F21BB6D-BFE0-4B69-97F2-1A871A390B1E\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
var-202003-0781
Vulnerability from variot
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server contains a path traversal vulnerability, that could allow an unauthenticated remote attacker to access and download arbitrary files from the server. SiNVR 3 Central Control Server (CCS) and Video Server Exists in a past traversal vulnerability.Service operation interruption (DoS) It may be put into a state. SiNVR 3 is a video management platform
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0781",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sinvr 3 video server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinvr 3 central control server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinvr 3 central control server",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sinvr 3 video server",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sinvr central control server",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3"
},
{
"model": "sinvr video server",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinvr 3 central control server",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinvr 3 video server",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "4e2d9fb7-a6eb-4417-9036-344d48f370be"
},
{
"db": "CNVD",
"id": "CNVD-2020-17010"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014865"
},
{
"db": "NVD",
"id": "CVE-2019-19297"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:sinvr_3_central_control_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:sinvr_3_video_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014865"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-491"
}
],
"trust": 0.6
},
"cve": "CVE-2019-19297",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-19297",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014865",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-17010",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "4e2d9fb7-a6eb-4417-9036-344d48f370be",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-19297",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014865",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-19297",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "productcert@siemens.com",
"id": "CVE-2019-19297",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014865",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-17010",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-491",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "4e2d9fb7-a6eb-4417-9036-344d48f370be",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "4e2d9fb7-a6eb-4417-9036-344d48f370be"
},
{
"db": "CNVD",
"id": "CNVD-2020-17010"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014865"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-491"
},
{
"db": "NVD",
"id": "CVE-2019-19297"
},
{
"db": "NVD",
"id": "CVE-2019-19297"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\ncontains a path traversal vulnerability, that could allow an\nunauthenticated remote attacker to access and download arbitrary files from the server. SiNVR 3 Central Control Server (CCS) and Video Server Exists in a past traversal vulnerability.Service operation interruption (DoS) It may be put into a state. SiNVR 3 is a video management platform",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19297"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014865"
},
{
"db": "CNVD",
"id": "CNVD-2020-17010"
},
{
"db": "IVD",
"id": "4e2d9fb7-a6eb-4417-9036-344d48f370be"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19297",
"trust": 3.2
},
{
"db": "SIEMENS",
"id": "SSA-844761",
"trust": 1.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-070-01",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-17010",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202003-491",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014865",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "46120",
"trust": 0.6
},
{
"db": "IVD",
"id": "4E2D9FB7-A6EB-4417-9036-344D48F370BE",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "4e2d9fb7-a6eb-4417-9036-344d48f370be"
},
{
"db": "CNVD",
"id": "CNVD-2020-17010"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014865"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-491"
},
{
"db": "NVD",
"id": "CVE-2019-19297"
}
]
},
"id": "VAR-202003-0781",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "4e2d9fb7-a6eb-4417-9036-344d48f370be"
},
{
"db": "CNVD",
"id": "CNVD-2020-17010"
}
],
"trust": 1.454873825
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "4e2d9fb7-a6eb-4417-9036-344d48f370be"
},
{
"db": "CNVD",
"id": "CNVD-2020-17010"
}
]
},
"last_update_date": "2024-11-23T20:29:59.644000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-844761",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
},
{
"title": "Patch for Siemens SiNVR 3 Path Traversal Vulnerability (CNVD-2020-17010)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/208737"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17010"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014865"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014865"
},
{
"db": "NVD",
"id": "CVE-2019-19297"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19297"
},
{
"trust": 1.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-070-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19297"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-070-01"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/46120"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-17010"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014865"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-491"
},
{
"db": "NVD",
"id": "CVE-2019-19297"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "4e2d9fb7-a6eb-4417-9036-344d48f370be"
},
{
"db": "CNVD",
"id": "CNVD-2020-17010"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014865"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-491"
},
{
"db": "NVD",
"id": "CVE-2019-19297"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-10T00:00:00",
"db": "IVD",
"id": "4e2d9fb7-a6eb-4417-9036-344d48f370be"
},
{
"date": "2020-03-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17010"
},
{
"date": "2020-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014865"
},
{
"date": "2020-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-491"
},
{
"date": "2020-03-10T20:15:19.663000",
"db": "NVD",
"id": "CVE-2019-19297"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-17010"
},
{
"date": "2020-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014865"
},
{
"date": "2021-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-491"
},
{
"date": "2024-11-21T04:34:31.290000",
"db": "NVD",
"id": "CVE-2019-19297"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-491"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SiNVR 3 Central Control Server and Video Server Past Traversal Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014865"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "4e2d9fb7-a6eb-4417-9036-344d48f370be"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-491"
}
],
"trust": 0.8
}
}
gsd-2019-19297
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server contains a path traversal vulnerability, that could allow an unauthenticated remote attacker to access and download arbitrary files from the server.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-19297",
"description": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server contains a path traversal vulnerability, that could allow an unauthenticated remote attacker to access and download arbitrary files from the server.",
"id": "GSD-2019-19297"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-19297"
],
"details": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server contains a path traversal vulnerability, that could allow an unauthenticated remote attacker to access and download arbitrary files from the server.",
"id": "GSD-2019-19297",
"modified": "2023-12-13T01:23:54.593018Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-19297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SiNVR/SiVMS Video Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions \u003c V5.0.0"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\ncontains a path traversal vulnerability, that could allow an\nunauthenticated remote attacker to access and download arbitrary files from the server."
}
]
},
"impact": {
"cvss": [
{
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-22",
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinvr_3_central_control_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16668E9A-2D0A-425E-87F4-18CFC50551D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinvr_3_video_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F21BB6D-BFE0-4B69-97F2-1A871A390B1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\ncontains a path traversal vulnerability, that could allow an\nunauthenticated remote attacker to access and download arbitrary files from the server."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SiNVR/SiVMS Video Server (Todas las versiones anteriores a V5.0.0). El servicio de streaming (puerto por defecto 5410/tcp) de SiVMS/SiNVR Video Server contiene una vulnerabilidad de path traversal, que podr\u00eda permitir a un atacante remoto no autentificado acceder y descargar archivos arbitrarios desde el servidor"
}
],
"id": "CVE-2019-19297",
"lastModified": "2024-01-09T10:15:13.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "productcert@siemens.com",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2020-03-10T20:15:19.663",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
}
}
}
ghsa-37hr-898c-hc2f
Vulnerability from github
Published
2022-05-24 17:10
Modified
2024-01-09 12:30
Severity ?
VLAI Severity ?
Details
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The streaming service (default port 5410/tcp) of the SiNVR 3 Video Server contains a path traversal vulnerability, that could allow an unauthenticated remote attacker to access and download arbitrary files from the server.
{
"affected": [],
"aliases": [
"CVE-2019-19297"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-03-10T20:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The streaming service (default port 5410/tcp) of the SiNVR 3 Video Server contains a path traversal vulnerability, that could allow an unauthenticated remote attacker to access and download arbitrary files from the server.",
"id": "GHSA-37hr-898c-hc2f",
"modified": "2024-01-09T12:30:35Z",
"published": "2022-05-24T17:10:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19297"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
CERTFR-2020-AVI-132
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SiNVR 3 Central Control Server (CCS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINUMERIK 840D",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Spectrum Power 5 versions ant\u00e9rieures \u00e0 v5.50 HF02",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SiNVR 3 Video Server",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-300 versions ant\u00e9rieures \u00e0 V3.X.17",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-19290",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19290"
},
{
"name": "CVE-2019-18336",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18336"
},
{
"name": "CVE-2020-7579",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7579"
},
{
"name": "CVE-2019-19292",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19292"
},
{
"name": "CVE-2019-19299",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19299"
},
{
"name": "CVE-2019-19295",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19295"
},
{
"name": "CVE-2019-19294",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19294"
},
{
"name": "CVE-2019-19298",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19298"
},
{
"name": "CVE-2019-19291",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19291"
},
{
"name": "CVE-2019-19293",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19293"
},
{
"name": "CVE-2019-19297",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19297"
},
{
"name": "CVE-2019-19296",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19296"
}
],
"initial_release_date": "2020-03-10T00:00:00",
"last_revision_date": "2020-03-10T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-508982 du 10 mars 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-508982.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-844761 du 10 mars 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-938930 du 10 mars 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-938930.pdf"
}
],
"reference": "CERTFR-2020-AVI-132",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-03-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SIemens ssa-508982 du 10 mars 2020",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SIemens ssa-844761 du 10 mars 2020",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SIemens ssa-938930 du 10 mars 2020",
"url": null
}
]
}
CERTFR-2021-AVI-255
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | LOGO! Soft Comfort toutes versions | ||
| Siemens | N/A | Siveillance Video Open Network Bridge:2019 R2 | ||
| Siemens | N/A | Solid Edge SE2021 versions antérieures à SE2021MP4 | ||
| Siemens | N/A | SIMATIC NET CP 443-1 Advanced (incl. SIPLUSvariants) versions antérieures à V3.2.9 | ||
| Siemens | N/A | Siveillance Video Open Network Bridge:2019 R3 | ||
| Siemens | N/A | Nucleus NET versions antérieures à 5.2 | ||
| Siemens | N/A | TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUSNET variants) versions antérieures à V2.6.0 | ||
| Siemens | N/A | SiNVR/SiVMS Video Server toutes versions | ||
| Siemens | N/A | Nucleus RTOS versions contenant le module DNS affecté | ||
| Siemens | N/A | SIMATIC NET CP 343-1 Advanced (incl. SIPLUSvariants) versions antérieures à V3.0.44 | ||
| Siemens | N/A | Solid Edge SE2020 toutes versions | ||
| Siemens | N/A | SIMATIC NET CP 343-1 Lean (incl. SIPLUS vari-ants) versions antérieures à V3.1.1 | ||
| Siemens | N/A | SIMATIC NET CP 443-5 Basic (incl. SIPLUS vari-ants) toutes versions | ||
| Siemens | N/A | Opcenter Quality versions antérieures à 12.2 | ||
| Siemens | N/A | Siveillance Video Open Network Bridge:2019 R1 | ||
| Siemens | N/A | SIMATIC NET CP 443-5 Extended toutes versions | ||
| Siemens | N/A | VSTAR versions contenant le module DNS affecté | ||
| Siemens | N/A | Control Center Server (CCS) toutes versions | ||
| Siemens | N/A | TIM 4R-IE (incl. SIPLUS NET variants) toutes versions | ||
| Siemens | N/A | Siveillance Video Open Network Bridge:2020 R1 | ||
| Siemens | N/A | SINEMA Remote Connect Server versions antérieures à 3.0 | ||
| Siemens | N/A | Siveillance Video Open Network Bridge:2020 R2 | ||
| Siemens | N/A | SIMATIC NET CP 343-1 Standard (incl. SIPLUSvariants) versions antérieures à V3.1.1 | ||
| Siemens | N/A | SIMATIC NET CP 443-1 Standard (incl. SIPLUSvariants) versions antérieures à V3.2.9 | ||
| Siemens | N/A | SIMATIC NET CP 342-5 (incl. SIPLUS variants) toutes versions | ||
| Siemens | N/A | Siveillance Video Open Network Bridge:2018 R2 | ||
| Siemens | N/A | Nucleus ReadyStart toutes versions | ||
| Siemens | N/A | Nucleus 4 versions antérieures à 4.1.0 | ||
| Siemens | N/A | Siveillance Video Open Network Bridge:2018 R3 | ||
| Siemens | N/A | QMS Automotive versions antérieures à 12.30 | ||
| Siemens | N/A | Tecnomatix RobotExpert versions antérieures à 16.1 | ||
| Siemens | N/A | TIM 3V-IE DNP3 (incl. SIPLUS NET variants) versions antérieures à V3.1.0 | ||
| Siemens | N/A | Siveillance Video Open Network Bridge:2020 R3 | ||
| Siemens | N/A | Nucleus Source Code versions contenant le module DNS affecté | ||
| Siemens | N/A | TIM 4R-IE DNP3 (incl. SIPLUS NET variants) toutes versions | ||
| Siemens | N/A | SIMOTICS CONNECT 400 toutes verions |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "LOGO! Soft Comfort toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Video Open Network Bridge:2019 R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Solid Edge SE2021 versions ant\u00e9rieures \u00e0 SE2021MP4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET CP 443-1 Advanced (incl. SIPLUSvariants) versions ant\u00e9rieures \u00e0 V3.2.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Video Open Network Bridge:2019 R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Nucleus NET versions ant\u00e9rieures \u00e0 5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUSNET variants) versions ant\u00e9rieures \u00e0 V2.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SiNVR/SiVMS Video Server toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Nucleus RTOS versions contenant le module DNS affect\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET CP 343-1 Advanced (incl. SIPLUSvariants) versions ant\u00e9rieures \u00e0 V3.0.44",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Solid Edge SE2020 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET CP 343-1 Lean (incl. SIPLUS vari-ants) versions ant\u00e9rieures \u00e0 V3.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET CP 443-5 Basic (incl. SIPLUS vari-ants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Opcenter Quality versions ant\u00e9rieures \u00e0 12.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Video Open Network Bridge:2019 R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET CP 443-5 Extended toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "VSTAR versions contenant le module DNS affect\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Control Center Server (CCS) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 4R-IE (incl. SIPLUS NET variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Video Open Network Bridge:2020 R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Remote Connect Server versions ant\u00e9rieures \u00e0 3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Video Open Network Bridge:2020 R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET CP 343-1 Standard (incl. SIPLUSvariants) versions ant\u00e9rieures \u00e0 V3.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET CP 443-1 Standard (incl. SIPLUSvariants) versions ant\u00e9rieures \u00e0 V3.2.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET CP 342-5 (incl. SIPLUS variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Video Open Network Bridge:2018 R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Nucleus ReadyStart toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Nucleus 4 versions ant\u00e9rieures \u00e0 4.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Video Open Network Bridge:2018 R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "QMS Automotive versions ant\u00e9rieures \u00e0 12.30",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Tecnomatix RobotExpert versions ant\u00e9rieures \u00e0 16.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 3V-IE DNP3 (incl. SIPLUS NET variants) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Video Open Network Bridge:2020 R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Nucleus Source Code versions contenant le module DNS affect\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 4R-IE DNP3 (incl. SIPLUS NET variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOTICS CONNECT 400 toutes verions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-27009",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27009"
},
{
"name": "CVE-2015-7855",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7855"
},
{
"name": "CVE-2019-18339",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18339"
},
{
"name": "CVE-2016-1547",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1547"
},
{
"name": "CVE-2015-7973",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7973"
},
{
"name": "CVE-2016-4953",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4953"
},
{
"name": "CVE-2021-27389",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27389"
},
{
"name": "CVE-2021-27382",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27382"
},
{
"name": "CVE-2020-27736",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27736"
},
{
"name": "CVE-2021-27380",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27380"
},
{
"name": "CVE-2015-5219",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5219"
},
{
"name": "CVE-2016-1550",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1550"
},
{
"name": "CVE-2015-7977",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7977"
},
{
"name": "CVE-2015-7705",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7705"
},
{
"name": "CVE-2021-27392",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27392"
},
{
"name": "CVE-2019-19956",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19956"
},
{
"name": "CVE-2021-25663",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25663"
},
{
"name": "CVE-2020-15795",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15795"
},
{
"name": "CVE-2015-8138",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8138"
},
{
"name": "CVE-2016-4954",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4954"
},
{
"name": "CVE-2021-25664",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25664"
},
{
"name": "CVE-2020-25243",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25243"
},
{
"name": "CVE-2015-7974",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7974"
},
{
"name": "CVE-2015-8214",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8214"
},
{
"name": "CVE-2019-19299",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19299"
},
{
"name": "CVE-2020-28385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28385"
},
{
"name": "CVE-2021-25678",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25678"
},
{
"name": "CVE-2020-7595",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7595"
},
{
"name": "CVE-2021-27393",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27393"
},
{
"name": "CVE-2020-25244",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25244"
},
{
"name": "CVE-2019-18340",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18340"
},
{
"name": "CVE-2021-25670",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25670"
},
{
"name": "CVE-2015-7979",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7979"
},
{
"name": "CVE-2015-7871",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7871"
},
{
"name": "CVE-2020-27738",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27738"
},
{
"name": "CVE-2019-19298",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19298"
},
{
"name": "CVE-2020-26997",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26997"
},
{
"name": "CVE-2019-19291",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19291"
},
{
"name": "CVE-2020-27737",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27737"
},
{
"name": "CVE-2019-19297",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19297"
},
{
"name": "CVE-2016-1548",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1548"
},
{
"name": "CVE-2021-25677",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25677"
},
{
"name": "CVE-2019-19296",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19296"
}
],
"initial_release_date": "2021-04-14T00:00:00",
"last_revision_date": "2021-04-14T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-255",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-04-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-788287 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-788287.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-248289 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-853866 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-853866.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-185699 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-185699.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-983300 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-983300.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-844761 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-163226 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163226.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-763427 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-497656 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-761617 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-669158 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-574442 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-705111 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-292794 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-761844 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
}
]
}
cnvd-2020-17010
Vulnerability from cnvd
Title
Siemens SiNVR 3 路径遍历漏洞(CNVD-2020-17010)
Description
SiNVR 3是一个视频管理平台。Central Control Server (CCS)是中央控制服务器,Video Server是视频服务器。
SiNVR 3在实现中存在路径遍历漏洞,远程攻击者可利用此漏洞从服务器下载和访问任意文件。
Severity
中
VLAI Severity ?
Patch Name
Siemens SiNVR 3 路径遍历漏洞(CNVD-2020-17010)的补丁
Patch Description
SiNVR 3是一个视频管理平台。Central Control Server (CCS)是中央控制服务器,Video Server是视频服务器。
SiNVR 3在实现中存在路径遍历漏洞,远程攻击者可利用此漏洞从服务器下载和访问任意文件。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布相关修复方案,请及时更新: https://nvd.nist.gov/vuln/detail/CVE-2019-19297
Reference
https://nvd.nist.gov/vuln/detail/CVE-2019-19297
Impacted products
| Name | ['Siemens SiNVR 3 Central Control Server (CCS)', 'Siemens SiNVR 3 Video Server'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-19297"
}
},
"description": "SiNVR 3\u662f\u4e00\u4e2a\u89c6\u9891\u7ba1\u7406\u5e73\u53f0\u3002Central Control Server (CCS)\u662f\u4e2d\u592e\u63a7\u5236\u670d\u52a1\u5668\uff0cVideo Server\u662f\u89c6\u9891\u670d\u52a1\u5668\u3002\n\nSiNVR 3\u5728\u5b9e\u73b0\u4e2d\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u4ece\u670d\u52a1\u5668\u4e0b\u8f7d\u548c\u8bbf\u95ee\u4efb\u610f\u6587\u4ef6\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u76f8\u5173\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u53ca\u65f6\u66f4\u65b0\uff1a\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19297",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-17010",
"openTime": "2020-03-13",
"patchDescription": "SiNVR 3\u662f\u4e00\u4e2a\u89c6\u9891\u7ba1\u7406\u5e73\u53f0\u3002Central Control Server (CCS)\u662f\u4e2d\u592e\u63a7\u5236\u670d\u52a1\u5668\uff0cVideo Server\u662f\u89c6\u9891\u670d\u52a1\u5668\u3002\r\n\r\nSiNVR 3\u5728\u5b9e\u73b0\u4e2d\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u4ece\u670d\u52a1\u5668\u4e0b\u8f7d\u548c\u8bbf\u95ee\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Siemens SiNVR 3 \u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff08CNVD-2020-17010\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Siemens SiNVR 3 Central Control Server (CCS)",
"Siemens SiNVR 3 Video Server"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-19297",
"serverity": "\u4e2d",
"submitTime": "2020-03-12",
"title": "Siemens SiNVR 3 \u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff08CNVD-2020-17010\uff09"
}
fkie_cve-2019-19297
Vulnerability from fkie_nvd
Published
2020-03-10 20:15
Modified
2024-11-21 04:34
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server
contains a path traversal vulnerability, that could allow an
unauthenticated remote attacker to access and download arbitrary files from the server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | sinvr_3_central_control_server | * | |
| siemens | sinvr_3_video_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinvr_3_central_control_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16668E9A-2D0A-425E-87F4-18CFC50551D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinvr_3_video_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F21BB6D-BFE0-4B69-97F2-1A871A390B1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\ncontains a path traversal vulnerability, that could allow an\nunauthenticated remote attacker to access and download arbitrary files from the server."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SiNVR/SiVMS Video Server (Todas las versiones anteriores a V5.0.0). El servicio de streaming (puerto por defecto 5410/tcp) de SiVMS/SiNVR Video Server contiene una vulnerabilidad de path traversal, que podr\u00eda permitir a un atacante remoto no autentificado acceder y descargar archivos arbitrarios desde el servidor"
}
],
"id": "CVE-2019-19297",
"lastModified": "2024-11-21T04:34:31.290",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2020-03-10T20:15:19.663",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…