A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The user configuration menu in the web interface of the Control Center Server (CCS) transfers user passwords in clear to the client (browser). An attacker with administrative privileges for the web interface could be able to read (and not only reset) passwords of other CCS users.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2019-12-12T19:08:46

Updated: 2024-08-05T00:05:43.988Z

Reserved: 2019-07-18T00:00:00

Link: CVE-2019-13947

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-12-12T19:15:15.327

Modified: 2024-11-21T04:25:45.377

Link: CVE-2019-13947

cve-icon Redhat

No data.