SSA-761617 V1.2 (Last Update: 2024-01-09): Authentication Bypass and Information Disclosure Vulnerabilities in SiNVR/SiVMS Video Server | allinfosecnews.com

Jan. 9, 2024, midnight |

Siemens ProductCERT Security Advisories cert-portal.siemens.com

The Video Server application in SiNVR/SiVMS solutions contains two vulnerabilities involving authentication bypass (CVE-2019-18339) and information disclosure (CVE-2019-18340).

PKE has released an update of the application that fixes CVE-2019-18339. This update is not available under the former Siemens OEM brand name SiNVR. For details contact PKE (https://pke.at/).

Siemens recommends specific countermeasures to mitigate the vulnerabilities.

application authentication authentication bypass bypass countermeasures cve disclosure information information disclosure server siemens solutions ssa update video vulnerabilities

More from cert-portal.siemens.com / Siemens ProductCERT Security Advisories

SSA-923361 V1.0: MODEL File Parsing Vulnerability in Tecnomatix Plant Simulation before V2302.0011 2 weeks, 5 days ago | cert-portal.siemens.com

application arbitrary code arbitrary code execution code +9

SSA-871704 V1.0: Multiple Vulnerabilities in SICAM Products 2 weeks, 5 days ago | cert-portal.siemens.com

code code execution device escalation +14

SSA-925850 V1.0: Improper Access Control in Polarion ALM 2 weeks, 5 days ago | cert-portal.siemens.com

access access control access controls apache +11

SSA-976324 V1.0: Multiple IGS File Parsing Vulnerabilities in PS/IGES Parasolid Translator Component before V27.1.215 2 weeks, 5 days ago | cert-portal.siemens.com

application crash file files +6

SSA-953710 V1.0: Vulnerabilities in the Network Communication Stack in Desigo Fire Safety UL and Cerberus … 2 weeks, 5 days ago | cert-portal.siemens.com

access attacker buffer buffer overflow +17

SSA-916916 V1.0: Security Vulnerabilities Fixed in RUGGEDCOM CROSSBOW V5.5 2 weeks, 5 days ago | cert-portal.siemens.com

application arbitrary files attacker attacks +18

SSA-935500 V1.1 (Last Update: 2024-05-14): Denial of Service Vulnerability in FTP Server of Nucleus RTOS … 2 weeks, 5 days ago | cert-portal.siemens.com

countermeasures fix fixes latest +6

SSA-962515 V1.0: Out of Bounds Read Vulnerability in Industrial Products 2 weeks, 5 days ago | cert-portal.siemens.com

attacker blue bsod crash +13

SSA-661579 V1.0: Multiple File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go 2 weeks, 5 days ago | cert-portal.siemens.com

application crash file files +7

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia

View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)

View on infosec-jobs.com