Weak Cryptography in Control Center Server and SiVMS Video Server by Siemens
CVE-2019-18340

5.5MEDIUM

Key Information:

Vendor

Siemens
Status
Control Center Server (ccs)
Sinvr/sivms Video Server
Vendor
CVE Published:
12 December 2019

What is CVE-2019-18340?

A vulnerability exists in Siemens Control Center Server and SiVMS/SiNVR Video Server due to the use of weak cryptographic techniques for storing user and device passwords. This allows a local attacker to potentially exploit the vulnerability by extracting sensitive passwords from the user database and device configuration files, leading to possible unauthorized access and further attacks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Control Center Server (CCS) All versions < V1.5.0

Control Center Server (CCS) All versions >= V1.5.0

SiNVR/SiVMS Video Server All versions < V5.0.0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-76161...
x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-76184...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.