SIEMENS-SSA-761844  ·  Published 2024-01-09

SSA-761844 V1.1 (Last Update: 2024-01-09): Multiple Vulnerabilities in Control Center Server (CCS)

CVSS 9.9 CRITICAL

Risk Summary

The advisory informs about multiple vulnerabilities in the Central Control Server (CCS) application, as initially reported in SSA-761617 (https://cert-portal.siemens.com/productcert/html/ssa-761617.html) on 2019-12-10 and SSA-844761 (https://cert-portal.siemens.com/productcert/html/ssa-844761.html) on 2020-03-10.

The vulnerabilities involve authentication bypass (CVE-2019-18337, CVE-2019-18341), path traversal (CVE-2019-18338, CVE-2019-19290), information disclosure (CVE-2019-13947, CVE-2019-18340, CVE-2019-19291), privilege escalation (CVE-2019-18342), SQL injection (CVE-2019-19292), cross-site scripting (CVE-2019-19293, CVE-2019-19294), and insufficient logging (CVE-2019-19295).

PKE has released an update for CCS that fixes the reported vulnerabilities, except for CVE-2019-18340. For deta

Remediations

  • Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-761844 V1.1 (Last Update: 2024-01-09): Multiple Vulnerabilities in Control Center Server (CCS)
