Cleartext Password Exposure in Control Center Server by Siemens
CVE-2019-13947
4.9 MEDIUM
Summary
A vulnerability exists in the Control Center Server by Siemens where the user configuration menu in the web interface transmits user passwords in cleartext to the client's browser. This security flaw allows an attacker with administrative access to potentially view the passwords of other users. To safeguard your system and user data, it's critical to update to version 1.5.0 or later, which resolves this issue. For more information, refer to the product advisories linked below.
Affected Version(s)
Control Center Server (CCS) All versions < V1.5.0
References
CVSS V3.1
Score: 4.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved