SSA-844761 (Last Update: 2020-03-10): Multiple Vulnerabilities in CCS, FTP and Streaming Services of SiNVR Video Management Solution


2020-03-10 00:00:00 UTC


SiNVR V3 contains several vulnerabilities in the components Central Control Server (CCS), as well as in the FTP and streaming services of the Video Server. The vulnerabilities involve path traversal (CVE-2019-19290, CVE-2019-19296, CVE-2019-19297), information disclosure (CVE-2019-19291, CVE-2019-19299), SQL injection (CVE-2019-19292), cross-site scripting (CVE-2019-19293, CVE-2019-19294), insufficient logging (CVE-2019-19295), and denial-of-service (CVE-2019-19298).

Siemens recommends specific countermeasures until fixes are available.