SIEMENS-SSA-844761 · Published 2024-01-09 · View on Siemens ProductCERT ↗

SSA-844761 V1.3 (Last Update: 2024-01-09): Multiple Vulnerabilities in SiNVR/SiVMS Video Server

CVSS 7.5 HIGH

Risk Summary

<p>The Video Server application in SiNVR/SiVMS solutions contains five vulnerabilities involving information disclosure (CVE-2019-19291, CVE-2019-19299), path traversal (CVE-2019-19296, CVE-2019-19297), and denial-of-service (CVE-2019-19298).</p> <p>PKE has released updates of the application that fixes the reported vulnerabilities, except for CVE-2019-19299. This update is not available under the former Siemens OEM brand name SiNVR. For details contact PKE (<a href="https://pke.at/" class="uri">https://pke.at/</a>).</p>

CVEs (5)

CVE-2019-19291 CVE-2019-19299 CVE-2019-19296 CVE-2019-19297 CVE-2019-19298

Remediations

Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-844761 V1.3 (Last Update: 2024-01-09): Multiple Vulnerabilities in SiNVR/SiVMS Video Server See advisory

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more