CVE-2019-10941

Published: Sep 14, 2021Modified: Jun 17, 2026

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

A vulnerability has been identified in SINEMA Server (All versions < V14 SP3). Missing authentication for functionality that requires administrative user identity could allow an attacker to obtain encoded system configuration backup files. This is only possible through network access to the affected system, and successful exploitation requires no system privileges.

Affected (4)

Products: Siemens: Sinema Server

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Siemens Sinema Server	Before 14.0
Siemens Sinema Server	Version 14.0
Siemens Sinema Server	Version 14.0 sp1
Siemens Sinema Server	Version 14.0 sp2

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-835377.pdf

Source: productcert@siemens.com

PatchVendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-835377.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.