CVE-2019-19295

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) does not enforce logging of
security-relevant activities in its XML-based communication protocol
as provided by default on ports 5444/tcp and 5440/tcp.
An authenticated remote attacker could exploit this vulnerability to
perform covert actions that are not visible in the application log.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
siemensCNA
4.3 MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:U/RC:C
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
VendorProductVersion
siemenssinvr_3_central_control_server
*
siemenssinvr_3_video_server
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf