Cleartext Credentials Exposure in Control Center Server and SiNVR/SiVMS Video Server
CVE-2019-19291
5.3 MEDIUM
Key Information:
- Vendor: Siemens
- CVE Published: 10 March 2020
Summary
The Control Center Server and SiNVR/SiVMS Video Server store login credentials in cleartext in the log files of the FTP service. If the FTP service is enabled, an authenticated remote attacker can exploit this to extract the login credentials of other users, potentially leading to unauthorized access and data breaches. The issue underscores the importance of securing log files and of using configurations that mitigate the risks of cleartext password storage.
Affected Version(s)
Control Center Server (CCS) All versions < V1.5.0
SiNVR/SiVMS Video Server All versions < V5.0.0
CVSS V3.1
- Score: 5.3
- Severity: MEDIUM
- Confidentiality: High
- Integrity: None
- Availability: High
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved