N/A

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The DOWNLOADS section in the web interface of the Control Center Server (CCS) contains a path traversal vulnerability that could allow an authenticated remote attacker to access and download arbitrary files from the server where CCS is installed.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

对路径名的限制不恰当(路径遍历)

Siemens SiNVR 3 Central Control Server和SiNVR 3 Video Server 路径遍历漏洞

Siemens SiNVR 3 Central Control Server（CCS）和SiNVR 3 Video Server都是德国西门子（Siemens）公司的产品。SiNVR 3 Central Control Server是一款用于SiNVR 3视频监控系统的中央控制服务器。SiNVR 3 Video Server是一款用于SiNVR 3视频监控系统的视频服务器。 Siemens SiNVR 3 CCS（全部版本）和SiNVR 3 Video Server（全部版本）中存在路径遍历漏洞。该漏洞源

N/A

N/A