CVE-2019-18342
Published 2019-12-12
Priority P261 · critical · 9.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.13% (79.6th percentile)
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) does not properly limit its capabilities to the specified purpose. In conjunction with CVE-2019-18341, an unauthenticated remote attacker with network access to the CCS server could exploit this vulnerability to read or delete arbitrary files, or access other resources on the same server.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pyyaml | pyyaml | >= 5.1 < 5.2 | 5.2 |
| siemens | control_center_server | < 1.5.0 | 1.5.0 |
CVSS provenance
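| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| ghsa | | 9.8 | CRITICAL | |
| vendor_redhat | | 9.8 | CRITICAL | |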
CISA ICS
Siemens and PKE Control Center Server
cisa_ics·2021-04-13·CVSS 4.9
[MEDIUM] Siemens and PKE Control Center Server
Last Revised: April 13, 2021
Alert Code: ICSA-21-103-10
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.9
- ATTENTION: Exploitable remotely/low attack complexity
- Vendors: Siemens/PKE
- Equipment: Control Center Server (CCS)
- Vulnerabilities: Cleartext Storage of Sensitive Information in GUI, Improper Authentication, Relative Path Traversal, Use of a Broken or Risky Cryptographic Algorithm, Exposed Dangerous Method or Function, Path Traversal, Cleartext Storage in a File or on Disk, SQL Injection, Cross-site Scripting, Insufficient Logging
## 2. RISK
CISA ICS
Siemens and PKE SiNVR, SiVMS Video Server (Update A)
cisa_ics·2019-12-10·CVSS 4.9
[MEDIUM] Siemens and PKE SiNVR, SiVMS Video Server (Update A)
Last Revised: April 14, 2021
Alert Code: ICSA-19-344-02
## 1. EXECUTIVE SUMMARY
--------- Begin Update A Part 1 of 6 ---------
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendors: Siemens and PKE
- Equipment: SiNVR, SiVMS Video Servers
- Vulnerabilities: Missing Authentication for Critical Function, Weak Cryptography for Passwords
--------- End Update A Part 1 of 6 ---------
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-19-344-02 Siemens SiNVR
Red Hat
PyYAML: command execution through python/object/apply constructor in FullLoader
vendor_redhat·2019-11-18·CVSS 9.8
CVE-2019-20477 [CRITICAL] CWE-502 PyYAML: command execution through python/object/apply constructor in FullLoader
PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.
A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/apply constructor.
Statement: This issue did not affect the vers
GHSA
GHSA-7jpc-wcv3-h3mc: A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions)
ghsa_unreviewed·2022-05-24·CVSS 5.3
CVE-2019-18342 [MEDIUM] CWE-749 GHSA-7jpc-wcv3-h3mc: A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions)
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SFTP service (default port 22/tcp) of the SiNVR 3 Central Control Server (CCS) does not properly limit its capabilities to the specified purpose. In conjunction with CVE-2019-18341, an unauthenticated remote attacker with network access to the CCS server could exploit this vulnerability to read or delete arbitrary files, or access other resources on the same server.
GHSA
Deserialization of Untrusted Data in PyYAML
ghsa·2021-04-20·CVSS 9.8
CVE-2019-20477 [CRITICAL] CWE-502 Deserialization of Untrusted Data in PyYAML
PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.
No detection rules found.
No public exploits indexed.
Published: 2019-12-12