Lucene search

[email protected]NVD:CVE-2019-13947

HistoryDec 12, 2019 - 7:15 p.m.

CVE-2019-13947

2019-12-1219:15:15

CWE-317

CWE-312

[email protected]

web.nvd.nist.gov

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.1%

JSON

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The user configuration menu in the web interface of the
Control Center Server (CCS) transfers user passwords in clear to the
client (browser).

An attacker with administrative privileges for the web interface could be
able to read (and not only reset) passwords of other CCS users.

Affected configurations

NVD

Node

siemenssinvr_3_central_control_server

siemenssinvr_3_video_server

References

cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf

cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.1%

JSON

Related for NVD:CVE-2019-13947

cve1 prion1 cvelist1 ics2