{
  "id": "CVE-2019-13947",
  "sourceIdentifier": "productcert@siemens.com",
  "published": "2019-12-12T19:15:15.327",
  "lastModified": "2021-04-22T21:15:08.347",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The user configuration menu in the web interface of the Control Center Server (CCS) transfers user passwords in clear to the client (browser). An attacker with administrative privileges for the web interface could be able to read (and not only reset) passwords of other CCS users."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en el Servidor de Control Center (CCS) (Todas las versiones anteriores a V1.5.0). El men\u00fa de configuraci\u00f3n de usuarios en la interfaz web del Servidor de Control Center (CCS) transfiere las contrase\u00f1as de los usuarios en claro al cliente (navegador). Un atacante con privilegios administrativos para la interfaz web podr\u00eda ser capaz de leer (y no s\u00f3lo restablecer) las contrase\u00f1as de otros usuarios de CCS"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "productcert@siemens.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-317"
        }
      ]
    },
    {
      "source": "nvd@nist.gov",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-312"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:siemens:sinvr_3_central_control_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16668E9A-2D0A-425E-87F4-18CFC50551D3"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:siemens:sinvr_3_video_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F21BB6D-BFE0-4B69-97F2-1A871A390B1E"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf",
      "source": "productcert@siemens.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf",
      "source": "productcert@siemens.com"
    }
  ]
}