{"containers": {"cna": {"providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2024-01-09T09:56:23.099Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains\nmultiple stored Cross-site Scripting (XSS) vulnerabilities in several input\nfields.\nThis could allow an authenticated remote attacker to inject malicious\nJavaScript code into the CCS web application that is later executed\nin the browser context of any other user who views the relevant CCS\nweb content."}], "affected": [{"vendor": "Siemens", "product": "Control Center Server (CCS)", "versions": [{"version": "All versions < V1.5.0", "status": "affected"}], "defaultStatus": "unknown"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N/E:P/RL:U/RC:C", "baseScore": 6.3, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "references": [{"tags": ["x_refsource_MISC"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"}]}}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2019-19294", "datePublished": "2020-03-10T19:16:17", "dateReserved": "2019-11-26T00:00:00", "dateUpdated": "2024-01-09T09:56:23.099Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sinvr_3_central_control_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "16668E9A-2D0A-425E-87F4-18CFC50551D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:sinvr_3_video_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F21BB6D-BFE0-4B69-97F2-1A871A390B1E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains\nmultiple stored Cross-site Scripting (XSS) vulnerabilities in several input\nfields.\nThis could allow an authenticated remote attacker to inject malicious\nJavaScript code into the CCS web application that is later executed\nin the browser context of any other user who views the relevant CCS\nweb content."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en Central Control Server (CCS) (Todas las versiones anteriores a V1.5.0). La interfaz web de Central Control Server (CCS) contiene m\u00faltiples vulnerabilidades de Cross-site Scripting (XSS) almacenadas en varios campos de entrada. Esto podr\u00eda permitir a un atacante remoto autenticado inyectar c\u00f3digo JavaScript malicioso en la aplicaci\u00f3n web de CCS que se ejecuta posteriormente en el contexto del navegador de cualquier otro usuario que vea el contenido web de CCS correspondiente"}], "id": "CVE-2019-19294", "lastModified": "2024-01-09T10:15:12.267", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.0, "source": "productcert@siemens.com", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2020-03-10T20:15:19.413", "references": [{"source": "productcert@siemens.com", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"}, {"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "productcert@siemens.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}