CVE-2020-15785
MEDIUMSiveillance Video Client - Cleartext Transmission of Sensitive Information via NTLM Authentication
Title source: llmDescription
A vulnerability has been identified in Siveillance Video Client (All versions). In environments where Windows NTLM authentication is enabled the affected client application transmits usernames to the server in cleartext. This could allow an attacker in a privileged network position to obtain valid adminstrator login names and use this information to launch further attacks.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-770698.pdf
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsa-20-252-05
Scores
CVSS v3
5.3
EPSS
0.0036
EPSS Percentile
57.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-319
Status
published
Products (1)
siemens/siveillance_video_client
Published
Sep 09, 2020
Tracked Since
Feb 18, 2026