Security Logging Oversight in Control Center Server by Siemens
CVE-2019-19295
4.3 MEDIUM
What is CVE-2019-19295?
Siemens Control Center Server (CCS) prior to version 1.5.0 does not enforce logging of security-relevant activities in its XML-based communication protocol. An authenticated remote attacker can therefore perform actions that do not appear in the application log and so remain undetected, posing significant risks to security and operational integrity. The affected services communicate over TCP ports 5444 and 5440 by default.
Affected Version(s)
Control Center Server (CCS): all versions < V1.5.0