heroeskasce.blogg.se

Siemens SiNVR 3 Video Server and Central Control Server (CCS)

1. EXECUTIVE SUMMARY

  • CVSS v3 9.9
  • ATTENTION: Exploitable remotely/low skill level to exploit
  • Vendor: Siemens
  • Equipment: SiNVR 3 Video Server, SiNVR 3 Central Control Server (CCS)
  • Vulnerabilities: Cleartext Storage of Sensitive Information in GUI, Improper Authentication, Relative Path Traversal, Missing Authentication for Critical Function, Weak Cryptography for Passwords, Exposed Dangerous Method or Function

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to read (and reset) passwords of other SiNVR 3 CCS (Central Control Server) users, read the CCS and SiNVR user databases including the passwords of all users in obfuscated cleartext, list arbitrary directories or read files outside of the CCS application context, extract device configuration files and passwords from the user database, read data from the EDIR directory, read or delete arbitrary files, or access other resources on the same CCS server.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of SiNVR 3, a video management solution, are affected:

  • SiNVR 3 Video Server: all versions
  • SiNVR 3 Central Control Server (CCS): all versions

3.2 VULNERABILITY OVERVIEW

3.2.1 CLEARTEXT STORAGE OF SENSITIVE INFORMATION IN GUI CWE-317

The user configuration menu in the web interface of the SiNVR 3 CCS transfers user passwords in cleartext to the client (browser).

CVE-2019-13947 has been assigned to this vulnerability. A CVSS v3 base score of 4.9 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).

3.2.2 IMPROPER AUTHENTICATION CWE-287

The SiNVR 3 CCS contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on specific ports.

CVE-2019-18337 has been assigned to this vulnerability.

3.2.3 RELATIVE PATH TRAVERSAL CWE-23

The SiNVR 3 CCS contains a directory traversal vulnerability in its XML-based communication protocol as provided by default on specific ports.

CVE-2019-18338 has been assigned to this vulnerability. A CVSS v3 base score of 7.7 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

3.2.4 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306

The HTTP service (default specific port) of the SiNVR 3 Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication.

CVE-2019-18339 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.5 WEAK CRYPTOGRAPHY FOR PASSWORDS CWE-261

Both the SiNVR 3 Video Server and the CCS store user and device passwords by applying weak cryptography.

CVE-2019-18340 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

3.2.6 IMPROPER AUTHENTICATION CWE-287

The SFTP service (default specific port) of the SiNVR 3 CCS contains an authentication bypass vulnerability.

CVE-2019-18341 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

3.2.7 EXPOSED DANGEROUS METHOD OR FUNCTION CWE-749

The SFTP service (default specific port) of the SiNVR 3 CCS does not properly limit its capabilities to the specified purpose.

CVE-2019-18342 has been assigned to this vulnerability. A CVSS v3 base score of 9.9 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities

3.4 RESEARCHER

Raphaël Rigo from Airbus Security Lab reported these vulnerabilities to Siemens.

4. MITIGATIONS

Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:

  • General: Apply ACL/firewall configuration on the SiNVR Video and CCS servers to ensure only legitimate SiNVR systems can access the configured Video/CCS server ports.
  • CVE-2019-18338, CVE-2019-18341, CVE-2019-18342: Limit the access of the CCS server application to other applications that are not part of it.
  • Consider applying encryption and authentication on the network (e.g., via TLS at the application level or via IPsec at the host level).
  • Harden all SiNVR systems accordingly to prevent unauthorized access.

Note that the ACL/firewall measure addresses the network-reachable issues (attack vector AV:N in the CVSS strings above); CVE-2019-18340 is rated with a local attack vector (AV:L), so it is covered only by the host hardening item, and the passwords it protects remain recoverable by anyone who can read the databases on the server.
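The following is an added example written for this page, not code from Siemens or from SiNVR, illustrating the two credential-handling weaknesses in 3.2.1 and 3.2.5 side by side. The "weak" half uses a constructed fixed-key XOR wrapped in base64 as a stand-in for reversible obfuscation (the advisory does not describe SiNVR's actual scheme); the hardened half stores only a salted, iterated PBKDF2-HMAC-SHA256 verifier and never sends a password to the GUI, so an administrator can reset a user's password but cannot read it. All names (OBF_KEY, hash_password, gui_view, reset_password and so on) are hypothetical, and the user records are constructed sample data.

```python
import base64
import hashlib
import hmac
import json
import os
from typing import Optional

# ---- Weak pattern: reversible obfuscation (CWE-261) fed back to the GUI (CWE-317)
# Constructed stand-in for "weak cryptography": a fixed-key XOR wrapped in base64.
# The advisory does not describe SiNVR's actual scheme; the point is that any
# scheme the server can invert, an attacker holding the database can invert too.
OBF_KEY = b"constructed-fixed-key"  # hypothetical constant compiled into the application


def _xor(data: bytes) -> bytes:
    return bytes(b ^ OBF_KEY[i % len(OBF_KEY)] for i, b in enumerate(data))


def weak_obfuscate(password: str) -> str:
    """What gets written to the user database in the weak design."""
    return base64.b64encode(_xor(password.encode())).decode()


def weak_deobfuscate(blob: str) -> str:
    """Trivially recovers the password: the stored value is obfuscated cleartext."""
    return _xor(base64.b64decode(blob)).decode()


def weak_gui_view(user: dict) -> str:
    """Weak user-configuration response: the edit form is pre-filled with the
    recovered password, so it travels to the browser in cleartext."""
    return json.dumps({"name": user["name"], "password": weak_deobfuscate(user["password"])})


# ---- Hardened pattern: salted, iterated one-way digest; the GUI never sees the secret
ITERATIONS = 200_000  # PBKDF2 work factor; raise it as far as login latency allows


def hash_password(password: str, salt: Optional[bytes] = None) -> dict:
    """Store a verifier, not the password. A fresh 16-byte salt per user means
    equal passwords produce different records and precomputed tables are useless."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {
        "alg": "pbkdf2-sha256",
        "iter": ITERATIONS,
        "salt": base64.b64encode(salt).decode(),
        "hash": base64.b64encode(digest).decode(),
    }


def verify_password(record: dict, candidate: str) -> bool:
    """Recompute the digest with the stored salt and iteration count and compare
    in constant time, so timing does not leak how many leading bytes matched."""
    salt = base64.b64decode(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, record["iter"])
    return hmac.compare_digest(digest, base64.b64decode(record["hash"]))


def gui_view(user: dict) -> str:
    """Hardened user-configuration response: the credential is never serialised;
    the form can only offer 'set a new password'."""
    return json.dumps({"name": user["name"], "password_set": bool(user.get("password"))})


def reset_password(user: dict, new_password: str) -> None:
    """Administrative reset replaces the verifier; the old password stays
    unrecoverable, which is exactly the property the weak design lacks."""
    user["password"] = hash_password(new_password)
```

The hardened record carries its own algorithm name, iteration count and salt, so the work factor can be raised later and old records rehashed on next login without a schema change.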
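An added example, not SiNVR code and not the CCS's XML protocol (whose message schema the advisory does not describe), showing the containment check that the directory traversal in 3.2.3 calls for: a file or directory name taken from a client request is mapped onto the filesystem only if it still resolves inside the application root. It goes beyond the plain "../" case the advisory describes and also rejects absolute paths, Windows drive letters and backslash separators, and symlinks inside the root that point outside it. The root directory, file names and sample requests are constructed for the demo; safe_resolve, classify and demo are hypothetical names.

```python
import os
import tempfile
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a client-supplied path would escape the served root."""


def safe_resolve(root: str, requested: str) -> str:
    """Map a relative path taken from a client request onto the filesystem,
    refusing anything that resolves outside `root` once '..' components and
    symlinks have been followed."""
    if not requested or requested != requested.strip():
        raise PathTraversalError("empty or whitespace-padded path")
    if "\0" in requested:
        raise PathTraversalError("NUL byte in path")
    # A relative-path protocol never needs absolute paths, in POSIX or
    # Windows form (leading slash/backslash, or a drive letter like C:).
    if os.path.isabs(requested) or requested[0] in "/\\" or ":" in requested[:2]:
        raise PathTraversalError(f"absolute path rejected: {requested!r}")
    real_root = os.path.realpath(root)
    # Treat backslashes as separators too, so 'cams\..\..' cannot slip past a
    # check that only knows about '/'.
    joined = os.path.join(real_root, requested.replace("\\", "/"))
    # realpath() collapses '..' and resolves symlinks, so a symlink inside the
    # root that points outside it is caught as well as a plain '../' escape.
    candidate = os.path.realpath(joined)
    # commonpath() rather than startswith(): '/srv/ccs2' must not match '/srv/ccs'.
    if os.path.commonpath([real_root, candidate]) != real_root:
        raise PathTraversalError(f"{requested!r} escapes {real_root}")
    return candidate


def classify(root: str, requested: str) -> str:
    """Convenience wrapper that reports the decision instead of raising."""
    try:
        safe_resolve(root, requested)
        return "allowed"
    except PathTraversalError:
        return "rejected"


# Constructed requests: the kinds of path a traversal probe would send.
SAMPLE_REQUESTS = [
    "cams/cam1.cfg",                  # legitimate file inside the root
    "cams/../cams/cam1.cfg",          # '..' that stays inside the root
    "../edir_secret.txt",             # classic escape to the parent
    "cams/../../edir_secret.txt",     # escape after descending first
    "cams\\..\\..\\edir_secret.txt",  # same, with Windows separators
    "/etc/passwd",                    # POSIX absolute path
    "C:\\Windows\\win.ini",           # Windows absolute path
    "cams/link",                      # symlink inside the root pointing outside
]


def demo() -> dict:
    """Build a constructed application root with one config file and one
    symlink that points outside it, then run each sample request through
    the check. Returns {request: 'allowed' | 'rejected'}."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp, "ccs")
        (root / "cams").mkdir(parents=True)
        (root / "cams" / "cam1.cfg").write_text("constructed sample config\n")
        outside = Path(tmp, "edir_secret.txt")  # stands in for data the CCS must not serve
        outside.write_text("constructed secret\n")
        (root / "cams" / "link").symlink_to(outside)
        return {req: classify(str(root), req) for req in SAMPLE_REQUESTS}


if __name__ == "__main__":
    for req, verdict in demo().items():
        print(f"{verdict:8} {req}")
```

The check is deliberately done on the resolved path rather than by filtering ".." substrings: filtering misses encodings, alternate separators and symlinks, while a resolve-then-compare check has nothing to bypass as long as the served root itself is not writable by clients.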