CVE-2019-19295

Опубликовано: 10 мар. 2020

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) does not enforce logging of security-relevant activities in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to perform covert actions that are not visible in the application log.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:siemens:sinvr_3_central_control_server:*:*:*:*:*:*:*:*

cpe:2.3:a:siemens:sinvr_3_video_server:*:*:*:*:*:*:*:*

EPSS

Процентиль: 51%

0.00277

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-778

NVD-CWE-Other

Связанные уязвимости

GHSA-mf3h-4jjh-89fr

CVSS3: 4.3

github

больше 3 лет назад

A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) does not enforce logging of security-relevant activities in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to perform covert actions that are not visible in the application log.

BDU:2020-02457

CVSS3: 4.3

fstec

почти 6 лет назад

Уязвимость центрального сервера управления SiNVR 3 Central Control Server, связанная с ошибками безопасности в протоколе связи на основе XML, позволяющая нарушителю выполнить произвольные действия на уязвимом устройстве

EPSS

Процентиль: 51%

0.00277

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-778

NVD-CWE-Other