Siemens SiNVR/SiVMS Video Server vulnerabilities
7 known vulnerabilities affecting siemens/sinvr_sivms_video_server.
Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 4, MEDIUM 2
Vulnerabilities
CVE-2019-18339 | P2 | CRITICAL | CVSS 9.8 | CWE-306 | All versions < V5.0.0 | 2019-12-12
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. A remote attacker with network access to the Video Server could exploit this
nvd
CVE-2019-19296 | P3 | HIGH | CVSS 8.1 | CWE-22 | All versions < V5.0.0 | 2020-03-10
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The two FTP services (default ports 21/tcp and 5411/tcp) of the SiVMS/SiNVR Video Server contain a path traversal vulnerability that could allow an authenticated remote attacker to access and download arbitrary files from the server, if the FTP services are enabled
nvd
CVE-2019-19297 | P3 | HIGH | CVSS 7.5 | CWE-22 | All versions < V5.0.0 | 2020-03-10
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server contains a path traversal vulnerability, that could allow an unauthenticated remote attacker to access and download arbitrary files from the server.
nvd
CVE-2019-19299 | P3 | HIGH | CVSS 7.5 | CWE-326 | ≤ 5.0.2; All versions < V5.0.0; +2 more | 2020-03-10
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions = V5.0.0 = V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server
applies weak cryptography when exposing device (camera) passwords. This could allow an unauthenticated remote attacker to read and decrypt the passwords and conduct further atta
nvd
CVE-2019-19298 | P3 | HIGH | CVSS 7.5 | CWE-20 | All versions < V5.0.0; All versions >= V5.0.0 < V5.0.2 | 2020-03-10
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0 < V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server contains an input validation vulnerability, that could allow an unauthenticated remote attacker to cause a Denial-of-Service condition by sending malformed HTTP requests.
nvd
CVE-2019-19291 | P3 | MEDIUM | CVSS 6.5 | CWE-313 | All versions < V5.0.0 | 2020-03-10
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintain log files that store login credentials in cleartext. In configurations where the FTP service is enabled, authentica
nvd
CVE-2019-18340 | P4 | MEDIUM | CVSS 5.5 | CWE-327 | All versions < V5.0.0; All versions >= V5.0.0 | 2019-12-12
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), Control Center Server (CCS) (All versions >= V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0). Both the SiVMS/SiNVR Video Server and the Control Center Server (CCS) store user and device passwords by applying weak cryptography. A local attacker could exploit this vulnerability to extract the passwords f
nvd