SSA-761844
PUBLISHED
CVSS 4.9 MEDIUM
This advisory describes multiple vulnerabilities in the Central Control Server (CCS) application, as initially
reported in SSA-761617 (https://cert-portal.siemens.com/productcert/html/ssa-761617.html) on 2019-12-10
and SSA-844761 (https://cert-portal.siemens.com/productcert/html/ssa-844761.html) on 2020-03-10.
The vulnerabilities involve authentication bypass (CVE-2019-18337, CVE-2019-18341),
path traversal (CVE-2019-18338, CVE-2019-19290), information disclosure (CVE-2019-13947, CVE-2019-18340, CVE-2019-19291),
privilege escalation (CVE-2019-18342), SQL injection (CVE-2019-19292), cross-site scripting (CVE-2019-19293, CVE-2019-19294), and
insufficient logging (CVE-2019-19295).
PKE has released an update for CCS that fixes the reported vulnerabilities, except for CVE-2019-18340. For details, contact PKE (https://pke.at/).
Siemens recommends updating to the latest version and applying specific countermeasures to mitigate the vulnerabilities.