cvelist/2019/19xxx/CVE-2019-19291.json

{
    "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "ID": "CVE-2019-19291",
        "STATE": "PUBLIC"
    },
    "data_format": "MITRE",
    "data_version": "4.0",
    "data_type": "CVE",
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Siemens AG",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "SiNVR 3 Central Control Server (CCS)",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "all versions"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "SiNVR 3 Video Server",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "all versions"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-313: Cleartext Storage in a File or on Disk"
                    }
                ]
            }
        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The FTP service of the SiNVR 3 Central Control Server (CCS) maintains a\nlog file that stores login credentials in cleartext.\nIn configurations where the FTP service is enabled, authenticated remote\nattackers could extract login credentials of other users of the service.\n"
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "CONFIRM",
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
            }
        ]
    }
}
"-Synchronized-Data." 2019-11-26 15:02:09 +00:00			`{`
			`"CVE_data_meta": {`
Siemens CVE update for Siemens-AD-2020-03 2020-03-10 10:48:41 +01:00			`"ASSIGNER": "productcert@siemens.com",`
"-Synchronized-Data." 2019-11-26 15:02:09 +00:00			`"ID": "CVE-2019-19291",`
Siemens CVE update for Siemens-AD-2020-03 2020-03-10 10:48:41 +01:00			`"STATE": "PUBLIC"`
			`},`
			`"data_format": "MITRE",`
			`"data_version": "4.0",`
			`"data_type": "CVE",`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "Siemens AG",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "SiNVR 3 Central Control Server (CCS)",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "all versions"`
			`}`
			`]`
			`}`
			`},`
			`{`
			`"product_name": "SiNVR 3 Video Server",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "all versions"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-313: Cleartext Storage in a File or on Disk"`
			`}`
			`]`
			`}`
			`]`
"-Synchronized-Data." 2019-11-26 15:02:09 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
Siemens CVE update for Siemens-AD-2020-03 2020-03-10 10:48:41 +01:00			`"value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The FTP service of the SiNVR 3 Central Control Server (CCS) maintains a\nlog file that stores login credentials in cleartext.\nIn configurations where the FTP service is enabled, authenticated remote\nattackers could extract login credentials of other users of the service.\n"`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"refsource": "CONFIRM",`
			`"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"`
"-Synchronized-Data." 2019-11-26 15:02:09 +00:00			`}`
			`]`
			`}`
			`}`