cvebase

Siemens Sinvr Sivms Video Server vulnerabilities

7 known vulnerabilities affecting siemens/sinvr_sivms_video_server.

Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 4, MEDIUM 2

Vulnerabilities

CVE-2019-18339 | P2 | CRITICAL | CVSS 9.8 | All versions < V5.0.0 | 2019-12-12
CVE-2019-18339 [CRITICAL] CWE-306: A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. A remote attacker with network access to the Video Server could exploit this
Source: NVD

CVE-2019-19296 | P3 | HIGH | CVSS 8.1 | All versions < V5.0.0 | 2020-03-10
CVE-2019-19296 [HIGH] CWE-22: A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The two FTP services (default ports 21/tcp and 5411/tcp) of the SiVMS/SiNVR Video Server contain a path traversal vulnerability that could allow an authenticated remote attacker to access and download arbitrary files from the server, if the FTP services are enabled
Source: NVD

CVE-2019-19297 | P3 | HIGH | CVSS 7.5 | All versions < V5.0.0 | 2020-03-10
CVE-2019-19297 [HIGH] CWE-22: A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server contains a path traversal vulnerability that could allow an unauthenticated remote attacker to access and download arbitrary files from the server.
Source: NVD

CVE-2019-19299 | P3 | HIGH | CVSS 7.5 | ≤ 5.0.2; All versions < V5.0.0; +2 more | 2020-03-10
CVE-2019-19299 [HIGH] CWE-326: A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions = V5.0.0 = V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server applies weak cryptography when exposing device (camera) passwords. This could allow an unauthenticated remote attacker to read and decrypt the passwords and conduct further atta
Source: NVD

CVE-2019-19298 | P3 | HIGH | CVSS 7.5 | All versions < V5.0.0; All versions >= V5.0.0 < V5.0.2 | 2020-03-10
CVE-2019-19298 [HIGH] CWE-20: A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0 < V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server contains an input validation vulnerability that could allow an unauthenticated remote attacker to cause a Denial-of-Service condition by sending malformed HTTP requests.
Source: NVD

CVE-2019-19291 | P3 | MEDIUM | CVSS 6.5 | All versions < V5.0.0 | 2020-03-10
CVE-2019-19291 [MEDIUM] CWE-313: A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintain log files that store login credentials in cleartext. In configurations where the FTP service is enabled, authentica
Source: NVD

CVE-2019-18340 | P4 | MEDIUM | CVSS 5.5 | All versions < V5.0.0; All versions >= V5.0.0 | 2019-12-12
CVE-2019-18340 [MEDIUM] CWE-327: A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), Control Center Server (CCS) (All versions >= V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0). Both the SiVMS/SiNVR Video Server and the Control Center Server (CCS) store user and device passwords by applying weak cryptography. A local attacker could exploit this vulnerability to extract the passwords f
Source: NVD