CVE-2019-10941

MEDIUM

SINEMA Server < V14 SP3 - Unauthenticated System Configuration Backup File Access

Title source: llm
STIX 2.1

Description

A vulnerability has been identified in SINEMA Server (All versions < V14 SP3). Missing authentication for functionality that requires administrative user identity could allow an attacker to obtain encoded system configuration backup files. This is only possible through network access to the affected system, and successful exploitation requires no system privileges.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-835377.pdf

Scores

CVSS v3 5.3
EPSS 0.0018
EPSS Percentile 39.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-306
Status published
Products (2)
siemens/sinema_server 14.0 (3 CPE variants)
siemens/sinema_server < 14.0
Published Sep 14, 2021
Tracked Since Feb 18, 2026