Siemens Control Center Server vulnerabilities
12 known vulnerabilities affecting siemens/control_center_server.
Total CVEs: 12
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL 2, HIGH 1, MEDIUM 9
Vulnerabilities
CVE-2019-18337 | P2 | CRITICAL | CVSS 9.8 | All versions < V1.5.0 | 2019-12-12 | CWE-287
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an authentication bypass
vulnerability in its XML-based communication protocol as provided by default
on ports 5444/tcp and 5440/tcp.
A remote attacker with network access to the CCS server could
exploit this vulner
nvd
CVE-2019-18342 | P2 | CRITICAL | CVSS 9.8 | fixed in 1.5.0 | 2019-12-12
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server
(CCS) does not properly limit its capabilities to the specified purpose.
In conjunction with CVE-2019-18341, an unauthenticated remote attacker with
network access to the CCS server could exploit
nvd
CVE-2019-19292 | P3 | HIGH | CVSS 8.8 | All versions < V1.5.0 | 2020-03-10 | CWE-89
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an SQL injection
vulnerability in its XML-based communication protocol as provided by default
on ports 5444/tcp and 5440/tcp.
An authenticated remote attacker could exploit this vulnerability to
read or modify the CCS dat
nvd
CVE-2019-18338 | P3 | MEDIUM | CVSS 6.5 | All versions < V1.5.0 | 2019-12-12 | CWE-23
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains a directory traversal
vulnerability in its XML-based communication protocol as provided by default
on ports 5444/tcp and 5440/tcp.
An authenticated remote attacker with network access to the CCS server
could exploit th
nvd
CVE-2019-19290 | P3 | MEDIUM | CVSS 6.5 | All versions < V1.5.0 | 2020-03-10 | CWE-22
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The DOWNLOADS section in the web interface of the Control Center
Server (CCS) contains a path traversal vulnerability
that could allow an authenticated remote attacker to access and download
arbitrary files from the server where CCS is installed.
nvd
CVE-2019-19291 | P3 | MEDIUM | CVSS 6.5 | All versions < V1.5.0 | 2020-03-10 | CWE-313
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintain
log files that store login credentials in cleartext.
In configurations where the FTP service is enabled, authentica
nvd
CVE-2019-18341 | P4 | MEDIUM | CVSS 5.3 | All versions < V1.5.0 | 2019-12-12 | CWE-287
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server
(CCS) contains an authentication bypass vulnerability.
A remote attacker with network access to the CCS server could
exploit this vulnerability to read data from the EDIR directory
(for exam
nvd
CVE-2019-19293 | P4 | MEDIUM | CVSS 6.1 | All versions < V1.5.0 | 2020-03-10 | CWE-79
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains a
reflected Cross-site Scripting (XSS) vulnerability
that could allow an unauthenticated remote attacker to steal sensitive data
or execute administrative actions on behalf of a legitimate administra
nvd
CVE-2019-13947 | P4 | MEDIUM | CVSS 4.9 | All versions < V1.5.0 | 2019-12-12 | CWE-317
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The user configuration menu in the web interface of the
Control Center Server (CCS) transfers user passwords in clear to the
client (browser).
An attacker with administrative privileges for the web interface could be
able to read (and not only reset) passwor
nvd
CVE-2019-18340 | P4 | MEDIUM | CVSS 5.5 | All versions < V1.5.0; All versions >= V1.5.0 | 2019-12-12 | CWE-327
A vulnerability has been identified in Control Center Server (CCS) (All versions = V1.5.0), SiNVR/SiVMS Video Server (All versions = V5.0.0). Both the SiVMS/SiNVR Video Server and the Control Center Server (CCS) store
user and device passwords by applying weak cryptography.
A local attacker could exploit this vulnerability to extract
the passwords f
nvd
CVE-2019-19294 | P4 | MEDIUM | CVSS 5.4 | All versions < V1.5.0 | 2020-03-10 | CWE-79
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains
multiple stored Cross-site Scripting (XSS) vulnerabilities in several input
fields.
This could allow an authenticated remote attacker to inject malicious
JavaScript code into the CCS web application
nvd
CVE-2019-19295 | P4 | MEDIUM | CVSS 4.3 | All versions < V1.5.0 | 2020-03-10 | CWE-778
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) does not enforce logging of
security-relevant activities in its XML-based communication protocol
as provided by default on ports 5444/tcp and 5440/tcp.
An authenticated remote attacker could exploit this vulnerability to
perfor
nvd