cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2019-19292,https://securityvulnerability.io/vulnerability/CVE-2019-19292,SQL Injection Vulnerability in Control Center Server by Siemens,"The Control Center Server (CCS) by Siemens is susceptible to an SQL injection vulnerability present in its XML-based communication protocol. This issue arises when the service is configured to operate on default ports 5444/tcp and 5440/tcp. An authenticated remote attacker can leverage this vulnerability to gain access to the CCS database, allowing them to read or modify data and potentially execute unauthorized administrative database operations or even system commands.",Siemens,Control Center Server (ccs),8.8,HIGH,0.0009899999713525176,false,,false,false,false,,,false,false,,2020-03-10T20:15:00.000Z,0
CVE-2019-19293,https://securityvulnerability.io/vulnerability/CVE-2019-19293,Reflected Cross-Site Scripting Vulnerability in Control Center Server by Siemens,"A reflected Cross-site Scripting (XSS) vulnerability exists in all versions of Control Center Server (CCS) below 1.5.0. This vulnerability can be exploited by an unauthenticated remote attacker through the web interface, allowing them to execute malicious scripts in a user's browser context. As a result, attackers could potentially steal sensitive information, manipulate user sessions, or perform unauthorized administrative actions, compromising the security and integrity of the CCS environment.",Siemens,Control Center Server (ccs),6.1,MEDIUM,0.0017600000137463212,false,,false,false,false,,,false,false,,2020-03-10T20:15:00.000Z,0
CVE-2019-19294,https://securityvulnerability.io/vulnerability/CVE-2019-19294,Cross-Site Scripting Vulnerability in Control Center Server by Siemens,"A stored Cross-Site Scripting vulnerability has been found in the web interface of Control Center Server (CCS) software. All versions prior to V1.5.0 are affected. This vulnerability arises from inadequate input validation in multiple fields, allowing an authenticated attacker to inject malicious JavaScript code. The result is the potential execution of the injected code in the browser context of any user who accesses the compromised web content, thereby compromising user data and security.",Siemens,Control Center Server (ccs),6.3,MEDIUM,0.0006900000153109431,false,,false,false,false,,,false,false,,2020-03-10T20:15:00.000Z,0
CVE-2019-19295,https://securityvulnerability.io/vulnerability/CVE-2019-19295,Security Logging Oversight in Control Center Server by Siemens,"A vulnerability exists in Siemens Control Center Server (CCS) prior to version 1.5.0 due to the lack of enforcement for logging security-relevant activities in its XML-based communication protocol. This gap allows an authenticated remote attacker to exploit the system and execute covert actions that remain undetected in the application log, posing significant risks to security and operational integrity. The affected services communicate over TCP ports 5444 and 5440 by default.",Siemens,Control Center Server (ccs),4.3,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2020-03-10T20:15:00.000Z,0
CVE-2019-19290,https://securityvulnerability.io/vulnerability/CVE-2019-19290,Path Traversal Vulnerability in Control Center Server by Siemens,"A vulnerability exists in the web interface of Control Center Server (CCS) that allows an authenticated remote attacker to exploit a path traversal flaw. This can enable unauthorized access to the server's file system, potentially leading to the download of arbitrary files. It is critical for users to upgrade to version 1.5.0 or later to mitigate this risk.",Siemens,Control Center Server (ccs),6.5,MEDIUM,0.0019199999514967203,false,,false,false,false,,,false,false,,2020-03-10T20:15:00.000Z,0
CVE-2019-19291,https://securityvulnerability.io/vulnerability/CVE-2019-19291,Cleartext Credentials Exposure in Control Center Server and SiNVR/SiVMS Video Server,"A significant vulnerability has been identified in the Control Center Server and SiNVR/SiVMS Video Server due to the storage of login credentials in cleartext within log files associated with the FTP service. If the FTP service is enabled, authenticated remote attackers can exploit this vulnerability to extract sensitive login credentials of other users, potentially leading to unauthorized access and data breaches. This issue underscores the importance of securing log files and considering proper configurations to mitigate risks associated with cleartext password storage.",Siemens,"Control Center Server (ccs),Sinvr/sivms Video Server",5.3,MEDIUM,0.000590000010561198,false,,false,false,false,,,false,false,,2020-03-10T20:15:00.000Z,0
CVE-2019-13947,https://securityvulnerability.io/vulnerability/CVE-2019-13947,Cleartext Password Exposure in Control Center Server by Siemens,"A vulnerability exists in the Control Center Server by Siemens where the user configuration menu in the web interface transmits user passwords in cleartext to the client's browser. This security flaw allows an attacker with administrative access to potentially view the passwords of other users. To safeguard your system and user data, it's critical to update to version 1.5.0 or later, which resolves this issue. For more information, refer to the product advisories linked below.",Siemens,Control Center Server (ccs),4.9,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2019-12-12T19:15:00.000Z,0
CVE-2019-18340,https://securityvulnerability.io/vulnerability/CVE-2019-18340,Weak Cryptography in Control Center Server and SiVMS Video Server by Siemens,"A vulnerability exists in Siemens Control Center Server and SiVMS/SiNVR Video Server due to the use of weak cryptographic techniques for storing user and device passwords. This allows a local attacker to potentially exploit the vulnerability by extracting sensitive passwords from the user database and device configuration files, leading to possible unauthorized access and further attacks.",Siemens,"Control Center Server (ccs),Sinvr/sivms Video Server",5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2019-12-12T19:15:00.000Z,0
CVE-2019-18341,https://securityvulnerability.io/vulnerability/CVE-2019-18341,Authentication Bypass in Control Center Server SFTP Service,"A security flaw exists in the SFTP service of Control Center Server, allowing remote attackers with network access to bypass authentication. This can lead to unauthorized access, enabling attackers to read sensitive data from the EDIR directory, including a list of all configured stations. Users are advised to upgrade to at least version 1.5.0 to mitigate the risk associated with this vulnerability.",Siemens,Control Center Server (ccs),5.3,MEDIUM,0.004100000020116568,false,,false,false,false,,,false,false,,2019-12-12T19:15:00.000Z,0
CVE-2019-18342,https://securityvulnerability.io/vulnerability/CVE-2019-18342,SFTP Service Vulnerability in Control Center Server by Siemens,"A security vulnerability exists in the SFTP service of the Control Center Server (CCS) versions prior to V1.5.0, allowing unauthenticated remote attackers with network access to gain unauthorized access. This could enable them to read or delete arbitrary files, or potentially access other resources on the same server. The inadequate restrictions on the SFTP service could be exploited alongside associated vulnerabilities, increasing the risk of significant data breaches and unauthorized actions.",Siemens,Control Center Server (ccs),9.9,CRITICAL,0.0031900000758469105,false,,false,false,false,,,false,false,,2019-12-12T19:15:00.000Z,0
CVE-2019-18338,https://securityvulnerability.io/vulnerability/CVE-2019-18338,Directory Traversal Flaw in Control Center Server by Siemens,"A directory traversal vulnerability exists in Siemens' Control Center Server (CCS) in all versions prior to V1.5.0. This flaw can be exploited by authenticated remote attackers with network access to the CCS server. By leveraging this weakness in the XML-based communication protocol, attackers may gain the ability to list arbitrary directories or access files outside the intended application context, potentially leading to unauthorized information disclosure.",Siemens,Control Center Server (ccs),7.7,HIGH,0.002099999925121665,false,,false,false,false,,,false,false,,2019-12-12T19:15:00.000Z,0
CVE-2019-18337,https://securityvulnerability.io/vulnerability/CVE-2019-18337,Authentication Bypass Vulnerability in Control Center Server by Siemens,"A vulnerability exists in the Control Center Server (CCS) that allows remote attackers to bypass authentication through its XML-based communication protocol. This issue arises due to improper handling of authentication requests on ports 5444/tcp and 5440/tcp. An attacker with network access to the CCS server could exploit this vulnerability to gain unauthorized access to the CCS user database, potentially exposing user passwords in obfuscated cleartext. It is essential for users of affected CCS versions to apply patches and updates to mitigate the risks associated with this vulnerability.",Siemens,Control Center Server (ccs),9.8,CRITICAL,0.004100000020116568,false,,false,false,false,,,false,false,,2019-12-12T19:15:00.000Z,0