Vulnerability Details : CVE-2019-13947
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The user configuration menu in the web interface of the
Control Center Server (CCS) transfers user passwords in clear to the
client (browser).
An attacker with administrative privileges for the web interface could be
able to read (and not only reset) passwords of other CCS users.
Exploit prediction scoring system (EPSS) score for CVE-2019-13947
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 22 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2019-13947
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST |
|
4.9
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
1.2
|
3.6
|
NIST |
|
4.9
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
1.2
|
3.6
|
Siemens AG |
CWE ids for CVE-2019-13947
-
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.Assigned by: nvd@nist.gov (Secondary)
-
The product stores sensitive information in cleartext within the GUI.Assigned by: productcert@siemens.com (Primary)
References for CVE-2019-13947
Products affected by CVE-2019-13947
- cpe:2.3:a:siemens:sinvr_3_central_control_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:sinvr_3_video_server:*:*:*:*:*:*:*:*