CVE-2019-19291

low-risk

Published 2020-03-10

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintain log files that store login credentials in cleartext. In configurations where the FTP service is enabled, authenticated remote attackers could extract login credentials of other users of the service.

Do I need to act?

0.17% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / HIGH complexity

Affected Products (2)

Sinvr 3 Central Control Server

Sinvr 3 Video Server

Affected Vendors

Siemens

References (4)

https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf

Mitigation https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf

Mitigation https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf

/ 100

low-risk

Severity 17/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 7/34 · Low