What is CVE-2019-10940?

CVE-2019-10940 is a critical-severity vulnerability in Siemens Sinema_server, classified under Incorrect Privilege Assignment. CVSS score: 9.9/10. Published 2020-01-16.

How severe is CVE-2019-10940?

Critical severity. CVSS v3 base score is 9.9 out of 10.

Privilege escalation in Siemens Sinema_server

CVE-2019-10940

A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative…

EPSS: 0.012 (64.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.9 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

Affected products

Siemens Sinema_server — versions 14.0
Siemens Ag Sinema Server — versions All versions < V14.0 SP2 Update 1

Weakness classification (CWE)

References

productcert@siemens.com (x_refsource_CONFIRM, Vendor Advisory)
productcert@siemens.com (US Government Resource, Third Party Advisory, x_refsource_MISC)

Frequently asked questions

What is CVE-2019-10940?: CVE-2019-10940 is a critical-severity vulnerability in Siemens Sinema_server, classified under Incorrect Privilege Assignment. CVSS score: 9.9/10. Published 2020-01-16.
How severe is CVE-2019-10940?: Critical severity. CVSS v3 base score is 9.9 out of 10.