A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) does not properly limit its capabilities to the specified purpose. In conjunction with CVE-2019-18341, an unauthenticated remote attacker with network access to the CCS server could exploit this vulnerability to read or delete arbitrary files, or access other resources on the same server.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf | Not Applicable Vendor Advisory |
https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf | Vendor Advisory |
https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf | Not Applicable Vendor Advisory |
https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf | Vendor Advisory |
Configurations
History
21 Nov 2024, 04:33
Type | Values Removed | Values Added |
---|---|---|
References | () https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf - Not Applicable, Vendor Advisory | |
References | () https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf - Vendor Advisory |
03 Nov 2021, 16:43
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other | |
CPE | cpe:2.3:a:siemens:sinvr_3_central_control_server:*:*:*:*:*:*:*:* |
cpe:2.3:a:siemens:control_center_server:*:*:*:*:*:*:*:* |
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf - Vendor Advisory | |
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf - Not Applicable, Vendor Advisory |
Information
Published : 2019-12-12 19:15
Updated : 2024-11-21 04:33
NVD link : CVE-2019-18342
Mitre link : CVE-2019-18342
CVE.ORG link : CVE-2019-18342
JSON object : View
Products Affected
siemens
- control_center_server
CWE