Sign-up

ID

VAR-202009-0567


CVE

CVE-2020-15785


TITLE

Siveillance Video Client  Vulnerability in plaintext transmission of important information in

Trust: 0.8

sources: JVNDB: JVNDB-2020-010971

DESCRIPTION

A vulnerability has been identified in Siveillance Video Client (All versions). In environments where Windows NTLM authentication is enabled the affected client application transmits usernames to the server in cleartext. This could allow an attacker in a privileged network position to obtain valid adminstrator login names and use this information to launch further attacks. Siveillance Video (formerly known as Siveillance VMS) is an IP video management software

Trust: 2.25

sources: NVD: CVE-2020-15785 // JVNDB: JVNDB-2020-010971 // CNVD: CNVD-2020-51234 // VULMON: CVE-2020-15785

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-51234

AFFECTED PRODUCTS

vendor:siemensmodel:siveillance video clientscope:eqversion:*

Trust: 1.0

vendor:シーメンスmodel:siveillance video clientscope:eqversion: -

Trust: 0.8

vendor:siemensmodel:siveillance video clientscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-51234 // JVNDB: JVNDB-2020-010971 // NVD: CVE-2020-15785

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-15785
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-15785
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-51234
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202009-499
value: MEDIUM

Trust: 0.6

VULMON: CVE-2020-15785
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-15785
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-51234
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-15785
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2020-15785
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-51234 // VULMON: CVE-2020-15785 // JVNDB: JVNDB-2020-010971 // CNNVD: CNNVD-202009-499 // NVD: CVE-2020-15785

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.0

problemtype:Sending important information in clear text (CWE-319) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-010971 // NVD: CVE-2020-15785

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-499

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202009-499

PATCH

title:SSA-770698url:https://cert-portal.siemens.com/productcert/pdf/ssa-770698.pdf

Trust: 0.8

title:Patch for Siemens Siveillance Video Client user information disclosure vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/233371

Trust: 0.6

title:Siemens Siveillance Video Client Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=127920

Trust: 0.6

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=e3eeb300ccc73e763f7e54638b3f1f2d

Trust: 0.1

sources: CNVD: CNVD-2020-51234 // VULMON: CVE-2020-15785 // JVNDB: JVNDB-2020-010971 // CNNVD: CNNVD-202009-499

EXTERNAL IDS

db:NVDid:CVE-2020-15785

Trust: 3.9

db:ICS CERTid:ICSA-20-252-05

Trust: 2.5

db:SIEMENSid:SSA-770698

Trust: 2.3

db:JVNid:JVNVU94568336

Trust: 0.8

db:JVNDBid:JVNDB-2020-010971

Trust: 0.8

db:CNVDid:CNVD-2020-51234

Trust: 0.6

db:AUSCERTid:ESB-2020.3087

Trust: 0.6

db:CNNVDid:CNNVD-202009-499

Trust: 0.6

db:VULMONid:CVE-2020-15785

Trust: 0.1

sources: CNVD: CNVD-2020-51234 // VULMON: CVE-2020-15785 // JVNDB: JVNDB-2020-010971 // CNNVD: CNNVD-202009-499 // NVD: CVE-2020-15785

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-252-05

Trust: 2.5

url:https://cert-portal.siemens.com/productcert/pdf/ssa-770698.pdf

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-15785

Trust: 1.4

url:https://jvn.jp/vu/jvnvu94568336/index.html

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.3087/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/319.html

Trust: 0.2

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/187904

Trust: 0.1

sources: CNVD: CNVD-2020-51234 // VULMON: CVE-2020-15785 // JVNDB: JVNDB-2020-010971 // CNNVD: CNNVD-202009-499 // NVD: CVE-2020-15785

SOURCES

db:CNVDid:CNVD-2020-51234
db:VULMONid:CVE-2020-15785
db:JVNDBid:JVNDB-2020-010971
db:CNNVDid:CNNVD-202009-499
db:NVDid:CVE-2020-15785

LAST UPDATE DATE

2024-11-23T21:07:06.898000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-51234date:2020-09-10T00:00:00
db:VULMONid:CVE-2020-15785date:2020-09-23T00:00:00
db:JVNDBid:JVNDB-2020-010971date:2022-03-11T06:04:00
db:CNNVDid:CNNVD-202009-499date:2020-10-22T00:00:00
db:NVDid:CVE-2020-15785date:2024-11-21T05:06:10.543

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-51234date:2020-09-10T00:00:00
db:VULMONid:CVE-2020-15785date:2020-09-09T00:00:00
db:JVNDBid:JVNDB-2020-010971date:2021-03-04T00:00:00
db:CNNVDid:CNNVD-202009-499date:2020-09-08T00:00:00
db:NVDid:CVE-2020-15785date:2020-09-09T19:15:19.587