Siemens AG AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. A remote attacker with network access to the CCS server could exploit this vulnerability to read the CCS users database, including the passwords of all users in obfuscated cleartext.

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an authentication bypass
vulnerability in its XML-based communication protocol as provided by default
on ports 5444/tcp and 5440/tcp.

A remote attacker with network access to the CCS server could
exploit this vulnerability to read the CCS users database, including
the passwords of all users in obfuscated cleartext.

A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. A remote attacker with network access to the CCS server could exploit this vulnerability to read the CCS users database, including the passwords of all users in obfuscated cleartext.

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. A remote attacker with network access to the CCS server could exploit this vulnerability to read the CCS users database, including the passwords of all users in obfuscated cleartext.

https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf [No Types Assigned]

OR
     *cpe:2.3:a:siemens:sinvr_3_central_control_server:*:*:*:*:*:*:*:*
     *cpe:2.3:a:siemens:sinvr_3_video_server:*:*:*:*:*:*:*:*

NIST (AV:N/AC:L/Au:N/C:P/I:N/A:N)

NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NIST CWE-287

https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf No Types Assigned

https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf Vendor Advisory

A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) contains an authentication bypass
vulnerability in its XML-based communication protocol as provided by default
on ports 5444/tcp and 5440/tcp.

A remote attacker with network access to the CCS server could 
exploit this vulnerability to read the CCS users database, including
the passwords of all users in obfuscated cleartext.

A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. A remote attacker with network access to the CCS server could exploit this vulnerability to read the CCS users database, including the passwords of all users in obfuscated cleartext.