CVE-2019-19291 MEDIUM

CVE-2019-19291

Vendor Siemens
Product Control Center Server (CCS)
Weakness CWE-313
Published March 10, 2020
Last update August 5, 2024
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C

What the vulnerability does

01Description

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintain log files that store login credentials in cleartext. In configurations where the FTP service is enabled, authenticated remote attackers could extract login credentials of other users of the service.

Key dates

02Disclosure timeline

March 10, 2020 CVE published
August 5, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-4066 Operator: passwords defined in secrets shown in statefulset yaml CVE-2026-52783 OpenProject: Information Disclosure (cleartext storage of data) on localhost through memcached via Others "storage.<id>.httpx_access_token" leads to Sensitive Data Exposure CVE-2025-4397 Medtronic MyCareLink Patient Monitor Data Encryption Weakness CVE-2026-6796 Sanluan PublicCMS Failed Login LoginAdminController.java log_login cleartext storage in file CVE-2023-2863 Simple Design Daily Journal SQLite Database cleartext storage in a file or on disk