CVE-2019-18339

Published: Dec 12, 2019Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD (Secondary)

Description

A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. A remote attacker with network access to the Video Server could exploit this vulnerability to read the SiVMS/SiNVR users database, including the passwords of all users in obfuscated cleartext.

Affected (2)

Products: Siemens: Sinvr 3 Central Control Server, Sinvr 3 Video Server

2 products

Sinvr 3 Central Control Server

Sinvr 3 Video Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Siemens Sinvr 3 Central Control Server	All versions
Siemens Sinvr 3 Video Server	All versions

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf

Source: productcert@siemens.com

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.