CVE-2019-18341

EUVD-2019-8130
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server
(CCS) contains an authentication bypass vulnerability.

A remote attacker with network access to the CCS server could
exploit this vulnerability to read data from the EDIR directory
(for example, the list of all configured stations).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
siemensCNA
5.3 MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:U/RC:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
Affected Products (NVD)
VendorProductVersion
siemenssinvr_3_central_control_server
*
siemenssinvr_3_video_server
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf