cvelist/2019/19xxx/CVE-2019-19291.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2019-19291",
        "ASSIGNER": "productcert@siemens.com",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintain\nlog files that store login credentials in cleartext.\nIn configurations where the FTP service is enabled, authenticated remote\nattackers could extract login credentials of other users of the service."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-313: Cleartext Storage in a File or on Disk",
                        "cweId": "CWE-313"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Siemens",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Control Center Server (CCS)",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "All versions < V1.5.0"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "SiNVR/SiVMS Video Server",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "All versions < V5.0.0"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf",
                "refsource": "MISC",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
            },
            {
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf",
                "refsource": "MISC",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
            }
        ]
    },
    "impact": {
        "cvss": [
            {
                "version": "3.1",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM"
            }
        ]
    }
}
"-Synchronized-Data." 2019-11-26 15:02:09 +00:00			`{`
"-Synchronized-Data." 2024-01-09 10:00:41 +00:00			`"data_version": "4.0",`
			`"data_type": "CVE",`
			`"data_format": "MITRE",`
"-Synchronized-Data." 2019-11-26 15:02:09 +00:00			`"CVE_data_meta": {`
			`"ID": "CVE-2019-19291",`
"-Synchronized-Data." 2024-01-09 10:00:41 +00:00			`"ASSIGNER": "productcert@siemens.com",`
Siemens CVE update for Siemens-AD-2020-03 2020-03-10 10:48:41 +01:00			`"STATE": "PUBLIC"`
			`},`
"-Synchronized-Data." 2024-01-09 10:00:41 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
			`"value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintain\nlog files that store login credentials in cleartext.\nIn configurations where the FTP service is enabled, authenticated remote\nattackers could extract login credentials of other users of the service."`
			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-313: Cleartext Storage in a File or on Disk",`
			`"cweId": "CWE-313"`
			`}`
			`]`
			`}`
			`]`
			`},`
Siemens CVE update for Siemens-AD-2020-03 2020-03-10 10:48:41 +01:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
Siemens CVE update for AD-2021-04 2021-04-13 11:40:52 +01:00			`"vendor_name": "Siemens",`
Siemens CVE update for Siemens-AD-2020-03 2020-03-10 10:48:41 +01:00			`"product": {`
			`"product_data": [`
			`{`
Siemens CVE update for AD-2021-04 2021-04-13 11:40:52 +01:00			`"product_name": "Control Center Server (CCS)",`
Siemens CVE update for Siemens-AD-2020-03 2020-03-10 10:48:41 +01:00			`"version": {`
			`"version_data": [`
			`{`
"-Synchronized-Data." 2024-01-09 10:00:41 +00:00			`"version_affected": "=",`
Siemens CVE update for AD-2021-04 2021-04-13 11:40:52 +01:00			`"version_value": "All versions < V1.5.0"`
Siemens CVE update for Siemens-AD-2020-03 2020-03-10 10:48:41 +01:00			`}`
			`]`
			`}`
			`},`
			`{`
Siemens CVE update for AD-2021-04 2021-04-13 11:40:52 +01:00			`"product_name": "SiNVR/SiVMS Video Server",`
Siemens CVE update for Siemens-AD-2020-03 2020-03-10 10:48:41 +01:00			`"version": {`
			`"version_data": [`
			`{`
"-Synchronized-Data." 2024-01-09 10:00:41 +00:00			`"version_affected": "=",`
Siemens CVE update for AD-2021-04 2021-04-13 11:40:52 +01:00			`"version_value": "All versions < V5.0.0"`
Siemens CVE update for Siemens-AD-2020-03 2020-03-10 10:48:41 +01:00			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
"-Synchronized-Data." 2020-03-10 20:01:23 +00:00			`"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf",`
"-Synchronized-Data." 2024-01-09 10:00:41 +00:00			`"refsource": "MISC",`
"-Synchronized-Data." 2020-03-10 20:01:23 +00:00			`"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"`
Siemens CVE update for AD-2021-04 2021-04-13 11:40:52 +01:00			`},`
			`{`
"-Synchronized-Data." 2024-01-09 10:00:41 +00:00			`"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf",`
			`"refsource": "MISC",`
			`"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"`
			`}`
			`]`
			`},`
			`"impact": {`
			`"cvss": [`
			`{`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C",`
			`"baseScore": 5.3,`
			`"baseSeverity": "MEDIUM"`
"-Synchronized-Data." 2019-11-26 15:02:09 +00:00			`}`
			`]`
			`}`
			`}`