cvelistv5 - cve-2019-18339

▼	URL	Tags
	productcert@siemens.com	https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf	Vendor Advisory

▼	Vendor	Product
	Siemens	SiNVR/SiVMS Video Server

var-201912-1243

Vulnerability from variot

A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication.

A remote attacker with network access to the Video Server could exploit this vulnerability to read the SiVMS/SiNVR users database, including the passwords of all users in obfuscated cleartext. SiNVR 3 Central Control Server (CCS) and Video Server Is vulnerable to a lack of authentication for critical functions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SiNVR is the Siemens OEM version of SiVMS, a video management solution acquired by PKE Deutsch land gmmbH and previously distributed by Schille Informationssysteme gmmbH

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201912-1243",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "sinvr 3 central control server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinvr 3 video server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "sinvr 3 central control server",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinvr 3 video server",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sinvr video server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinvr 3 central control server",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sinvr 3 video server",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "de4d8759-019c-495d-9ec9-b161d4ea4f56"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-44756"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013205"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18339"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:siemens:sinvr_3_central_control_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:siemens:sinvr_3_video_server",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013205"
      }
    ]
  },
  "cve": "CVE-2019-18339",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-18339",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-44756",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "de4d8759-019c-495d-9ec9-b161d4ea4f56",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-18339",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-18339",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-18339",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2019-18339",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-18339",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-44756",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201912-425",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "de4d8759-019c-495d-9ec9-b161d4ea4f56",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "de4d8759-019c-495d-9ec9-b161d4ea4f56"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-44756"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013205"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-425"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18339"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18339"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server\ncontains an authentication bypass vulnerability, even when properly\nconfigured with enforced authentication. \n\nA remote attacker with network access to the Video Server could \nexploit this vulnerability to read the SiVMS/SiNVR users database, including\nthe passwords of all users in obfuscated cleartext. SiNVR 3 Central Control Server (CCS) and Video Server Is vulnerable to a lack of authentication for critical functions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SiNVR is the Siemens OEM version of SiVMS, a video management solution acquired by PKE Deutsch land gmmbH and previously distributed by Schille Informationssysteme gmmbH",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-18339"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013205"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-44756"
      },
      {
        "db": "IVD",
        "id": "de4d8759-019c-495d-9ec9-b161d4ea4f56"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-18339",
        "trust": 3.2
      },
      {
        "db": "SIEMENS",
        "id": "SSA-761617",
        "trust": 2.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-344-02",
        "trust": 1.4
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-44756",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-425",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013205",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-344-01",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4625",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "DE4D8759-019C-495D-9EC9-B161D4EA4F56",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "de4d8759-019c-495d-9ec9-b161d4ea4f56"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-44756"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013205"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-425"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18339"
      }
    ]
  },
  "id": "VAR-201912-1243",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "de4d8759-019c-495d-9ec9-b161d4ea4f56"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-44756"
      }
    ],
    "trust": 1.454873825
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "de4d8759-019c-495d-9ec9-b161d4ea4f56"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-44756"
      }
    ]
  },
  "last_update_date": "2024-08-14T12:14:52.902000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-761617",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
      },
      {
        "title": "Patch for Siemens SiNVR 3 Video Server Authentication Bypass Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/193673"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-44756"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013205"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-306",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013205"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18339"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
      },
      {
        "trust": 1.4,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-344-02"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18339"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18339"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4625/"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-19-344-02"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-344-01"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-44756"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013205"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-425"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18339"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "de4d8759-019c-495d-9ec9-b161d4ea4f56"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-44756"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013205"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-425"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18339"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-11T00:00:00",
        "db": "IVD",
        "id": "de4d8759-019c-495d-9ec9-b161d4ea4f56"
      },
      {
        "date": "2019-12-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-44756"
      },
      {
        "date": "2019-12-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-013205"
      },
      {
        "date": "2019-12-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-425"
      },
      {
        "date": "2019-12-12T19:15:20.467000",
        "db": "NVD",
        "id": "CVE-2019-18339"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-12-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-44756"
      },
      {
        "date": "2019-12-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-013205"
      },
      {
        "date": "2021-04-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-425"
      },
      {
        "date": "2024-01-09T10:15:09.743000",
        "db": "NVD",
        "id": "CVE-2019-18339"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-425"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens SiNVR 3 Video Server Authentication Bypass Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "de4d8759-019c-495d-9ec9-b161d4ea4f56"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-44756"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access control error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-425"
      }
    ],
    "trust": 0.6
  }
}

ssa-761617

Vulnerability from csaf_siemens

Published

2019-12-10 00:00

Modified

2024-01-09 00:00

Summary

SSA-761617: Authentication Bypass and Information Disclosure Vulnerabilities in SiNVR/SiVMS Video Server

Notes

Summary

The Video Server application in SiNVR/SiVMS solutions contains two vulnerabilities involving authentication bypass (CVE-2019-18339) and information disclosure (CVE-2019-18340). PKE has released an update of the application that fixes CVE-2019-18339. This update is not available under the former Siemens OEM brand name SiNVR. For details contact PKE ( https://pke.at/). Siemens recommends specific countermeasures to mitigate the vulnerabilities.

General Recommendations

As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.

Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Terms of Use

Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "The Video Server application in SiNVR/SiVMS solutions contains two vulnerabilities\ninvolving authentication bypass (CVE-2019-18339) and information disclosure (CVE-2019-18340).\n\nPKE has released an update of the application that fixes CVE-2019-18339.\nThis update is not available under the former Siemens OEM brand name SiNVR. For details contact PKE (\nhttps://pke.at/).\nSiemens recommends specific countermeasures to mitigate the vulnerabilities.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-761617: Authentication Bypass and Information Disclosure Vulnerabilities in SiNVR/SiVMS Video Server - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-761617.html"
      },
      {
        "category": "self",
        "summary": "SSA-761617: Authentication Bypass and Information Disclosure Vulnerabilities in SiNVR/SiVMS Video Server - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-761617.json"
      },
      {
        "category": "self",
        "summary": "SSA-761617: Authentication Bypass and Information Disclosure Vulnerabilities in SiNVR/SiVMS Video Server - PDF Version",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
      },
      {
        "category": "self",
        "summary": "SSA-761617: Authentication Bypass and Information Disclosure Vulnerabilities in SiNVR/SiVMS Video Server - TXT Version",
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-761617.txt"
      }
    ],
    "title": "SSA-761617: Authentication Bypass and Information Disclosure Vulnerabilities in SiNVR/SiVMS Video Server",
    "tracking": {
      "current_release_date": "2024-01-09T00:00:00Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-761617",
      "initial_release_date": "2019-12-10T00:00:00Z",
      "revision_history": [
        {
          "date": "2019-12-10T00:00:00Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        },
        {
          "date": "2021-04-13T00:00:00Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added partial solution for SiNVR/SiVMS Video Server; removed information for Control Center Server (CCS), which is now addressed in SSA-761844"
        },
        {
          "date": "2024-01-09T00:00:00Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Cleanup: removed orphaned links to vendor advisories and software downloads"
        }
      ],
      "status": "interim",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV5.0.0",
                "product": {
                  "name": "SiNVR/SiVMS Video Server",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003e=V5.0.0",
                "product": {
                  "name": "SiNVR/SiVMS Video Server",
                  "product_id": "2"
                }
              }
            ],
            "category": "product_name",
            "name": "SiNVR/SiVMS Video Server"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-18339",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server\ncontains an authentication bypass vulnerability, even when properly\nconfigured with enforced authentication.\n\nA remote attacker with network access to the Video Server could \nexploit this vulnerability to read the SiVMS/SiNVR users database, including\nthe passwords of all users in obfuscated cleartext.\n",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Apply ACL/firewall configuration on the Video Servers to ensure that only legitimate systems are able to access the configured server ports. Harden all systems accordingly to prevent unauthorized access",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "mitigation",
          "details": "CVE-2019-18339: SiNVR/SiVMS deployments with active Control Center Server (CCS) should ensure that every video server and client has the Authorization Server set to \"Control Center Server\" (Configuration -\u003e Appearance -\u003e Desktop -\u003e Authorization Server)",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V5.0.0 or later version",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2019-18339"
    },
    {
      "cve": "CVE-2019-18340",
      "cwe": {
        "id": "CWE-327",
        "name": "Use of a Broken or Risky Cryptographic Algorithm"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Both the SiVMS/SiNVR Video Server and the Control Center Server (CCS) store\nuser and device passwords by applying weak cryptography.\n\nA local attacker could exploit this vulnerability to extract\nthe passwords from the user database and/or the device configuration files\nto conduct further attacks.\n",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Apply ACL/firewall configuration on the Video Servers to ensure that only legitimate systems are able to access the configured server ports. Harden all systems accordingly to prevent unauthorized access",
          "product_ids": [
            "1",
            "2"
          ]
        },
        {
          "category": "mitigation",
          "details": "CVE-2019-18340: Harden the Video Servers to prevent local access by unauthorized users",
          "product_ids": [
            "1",
            "2"
          ]
        },
        {
          "category": "no_fix_planned",
          "details": "Currently no fix is planned",
          "product_ids": [
            "2"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V5.0.0 or later version",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:U/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2"
          ]
        }
      ],
      "title": "CVE-2019-18340"
    }
  ]
}

ghsa-372q-jmw9-5mw6

Vulnerability from github

Published

2022-05-24 17:03

Modified

2024-01-09 12:30

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The HTTP service (default port 5401/tcp) of the SiNVR 3 Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. A remote attacker with network access to the Video Server could exploit this vulnerability to read the SiNVR users database, including the passwords of all users in obfuscated cleartext.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-18339"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-12T19:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The HTTP service (default port 5401/tcp) of the SiNVR 3 Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. A remote attacker with network access to the Video Server could exploit this vulnerability to read the SiNVR users database, including the passwords of all users in obfuscated cleartext.",
  "id": "GHSA-372q-jmw9-5mw6",
  "modified": "2024-01-09T12:30:34Z",
  "published": "2022-05-24T17:03:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18339"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2019-18339

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. A remote attacker with network access to the Video Server could exploit this vulnerability to read the SiVMS/SiNVR users database, including the passwords of all users in obfuscated cleartext.

Aliases

CVE-2019-18339

Aliases

CVE-2019-18339

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-18339",
    "description": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. A remote attacker with network access to the Video Server could exploit this vulnerability to read the SiVMS/SiNVR users database, including the passwords of all users in obfuscated cleartext.",
    "id": "GSD-2019-18339"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-18339"
      ],
      "details": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. A remote attacker with network access to the Video Server could exploit this vulnerability to read the SiVMS/SiNVR users database, including the passwords of all users in obfuscated cleartext.",
      "id": "GSD-2019-18339",
      "modified": "2023-12-13T01:23:50.504761Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "ID": "CVE-2019-18339",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SiNVR/SiVMS Video Server",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions \u003c V5.0.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Siemens"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server\ncontains an authentication bypass vulnerability, even when properly\nconfigured with enforced authentication.\n\nA remote attacker with network access to the Video Server could \nexploit this vulnerability to read the SiVMS/SiNVR users database, including\nthe passwords of all users in obfuscated cleartext."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-306",
                "lang": "eng",
                "value": "CWE-306: Missing Authentication for Critical Function"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf",
            "refsource": "MISC",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:siemens:sinvr_3_central_control_server:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "16668E9A-2D0A-425E-87F4-18CFC50551D3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:siemens:sinvr_3_video_server:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0F21BB6D-BFE0-4B69-97F2-1A871A390B1E",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions \u003c V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server\ncontains an authentication bypass vulnerability, even when properly\nconfigured with enforced authentication.\n\nA remote attacker with network access to the Video Server could \nexploit this vulnerability to read the SiVMS/SiNVR users database, including\nthe passwords of all users in obfuscated cleartext."
          },
          {
            "lang": "es",
            "value": "Se ha identificado una vulnerabilidad en SiNVR/SiVMS Video Server (Todas las versiones anteriores a V5.0.0). El servicio HTTP (puerto predeterminado 5401/tcp) de SiVMS/SiNVR Video Server contiene una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n, incluso cuando est\u00e1 configurado correctamente con autenticaci\u00f3n forzada. Un atacante remoto con acceso a la red del Servidor de Video podr\u00eda explotar esta vulnerabilidad para leer la base de datos de usuarios de SiVMS/SiNVR, incluyendo las contrase\u00f1as de todos los usuarios en texto claro ofuscado."
          }
        ],
        "id": "CVE-2019-18339",
        "lastModified": "2024-01-09T10:15:09.743",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "HIGH",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "integrityImpact": "PARTIAL",
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              "exploitabilityScore": 10.0,
              "impactScore": 6.4,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 5.9,
              "source": "productcert@siemens.com",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Secondary"
            }
          ]
        },
        "published": "2019-12-12T19:15:20.467",
        "references": [
          {
            "source": "productcert@siemens.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
          }
        ],
        "sourceIdentifier": "productcert@siemens.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-306"
              }
            ],
            "source": "productcert@siemens.com",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-306"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

Action not permitted

cve-2019-18339

Vulnerability from cvelistv5

var-201912-1243

Vulnerability from variot

ssa-761617

Vulnerability from csaf_siemens

ghsa-372q-jmw9-5mw6

Vulnerability from github

gsd-2019-18339

Vulnerability from gsd

Tags