SSA-844761 (Last Update: 2020-03-10): Multiple Vulnerabilities in CCS, FTP and Streaming Services of SiNVR Video Management Solution

Published

2020-03-10 00:00:00 UTC

Summary

SiNVR V3 contains several vulnerabilities in the components Central Control Server (CCS), as well as in the FTP and streaming services of the Video Server. The vulnerabilities involve path traversal (CVE-2019-19290, CVE-2019-19296, CVE-2019-19297), information disclosure (CVE-2019-19291, CVE-2019-19299), SQL injection (CVE-2019-19292), cross-site scripting (CVE-2019-19293, CVE-2019-19294), insufficient logging (CVE-2019-19295), and denial-of-service (CVE-2019-19298).

Siemens recommends specific countermeasures until fixes are available.