CVE-2019-19296
published 2020-03-10CVE-2019-19296: A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The two FTP services (default ports 21/tcp and 5411/tcp) of the…
PriorityP353high8.1CVSS 3.1
AVNACLPRLUINSUCHIHAN
EPSS
1.81%
75.9th percentile
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The two FTP services (default ports 21/tcp and 5411/tcp) of the SiVMS/SiNVR Video
Server contain a path traversal vulnerability
that could allow an authenticated remote attacker to access and download
arbitrary files from the server, if the FTP services are enabled.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | sinvr_sivms_video_server | — | — |
CVSS provenance
nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
nvdv2.04.9MEDIUMAV:N/AC:M/Au:S/C:P/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Siemens and PKE SiNVR/SiVMS Video Server (Update B)
cisa_ics·2021-04-20·CVSS 6.5
[MEDIUM] Siemens and PKE SiNVR/SiVMS Video Server (Update B)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens and PKE SiNVR/SiVMS Video Server (Update B)
Last RevisedAugust 10, 2021
Alert CodeICSA-20-070-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendors: Siemens and PKE
- Equipment: SiNVR/SiVMS Video Server
- Vulnerabilities: Cleartext Storage in a File or on Disk, Path Traversal, Improper Input Validation, Weak Cryptography for Passwords
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the advisory update titled ICSA-20-070-01 Siemens SiNVR 3 (Update A) that was published April 20, 2021, to the ICS w
GHSA
GHSA-5q84-q9g2-g3jr: A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions)
ghsa_unreviewed·2022-05-24
CVE-2019-19296 [MEDIUM] CWE-22 GHSA-5q84-q9g2-g3jr: A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions)
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The two FTP services (default ports 21/tcp and 5411/tcp) of the SiNVR 3 Video Server contain a path traversal vulnerability that could allow an authenticated remote attacker to access and download arbitrary files from the server, if the FTP services are enabled.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-03-10
Published