Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-19294

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains multiple stored Cross-site Scripting (XSS) vulnerabilities in several input fields. This could allow an authenticated remote attacker to inject malicious JavaScript code into the CCS web application that is later executed in the browser context of any other user who views the relevant CCS web content.

Published

2020-03-10T20:15:19.413

Last Modified

2024-11-21T04:34:30.917

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

6.8

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-79
Type: Secondary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	siemens	sinvr_3_central_control_server	*	Yes
Application	siemens	sinvr_3_video_server	*	Yes

References

https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf Vendor Advisory ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf (af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)