PT-2019-15359 · Siemens · Sinvr/Sivms Video Server+1
Published
2019-12-12
·
Updated
2024-01-09
·
CVE-2019-18340
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Control Center Server (CCS) versions prior to V1.5.0
SiNVR/SiVMS Video Server versions prior to V5.0.0
Description
A vulnerability has been identified where the SiVMS/SiNVR Video Server and the Control Center Server (CCS) store user and device passwords using weak cryptography. This could allow a local attacker to extract passwords from the user database and/or device configuration files, potentially leading to further attacks.
Recommendations
For Control Center Server (CCS) versions prior to V1.5.0, update to version V1.5.0 or later to resolve the issue.
For SiNVR/SiVMS Video Server versions prior to V5.0.0, update to version V5.0.0 or later to resolve the issue.
As a temporary workaround, consider restricting access to the user database and device configuration files to minimize the risk of exploitation.
Fix
Use of a Broken Cryptographic Algorithm
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Control Center Server
Sinvr/Sivms Video Server