Path Traversal Vulnerability in Control Center Server by Siemens
CVE-2019-19290

6.5MEDIUM

Key Information:

Vendor: Siemens
Status: Control Center Server (ccs)
Vendor: CVE Published:; 10 March 2020

Summary

A vulnerability exists in the web interface of Control Center Server (CCS) that allows an authenticated remote attacker to exploit a path traversal flaw. This can enable unauthorized access to the server's file system, potentially leading to the download of arbitrary files. It is critical for users to upgrade to version 1.5.0 or later to mitigate this risk.

Affected Version(s)

Control Center Server (CCS) All versions < V1.5.0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-84476...

x_refsource_MISC

https://cert-portal.siemens.com/productcert/pdf/ssa-76184...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 10, 2020
Vulnerability Reserved
Nov 26, 2019