CVE-2019-19290

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The DOWNLOADS section in the web interface of the Control Center Server (CCS) contains a path traversal vulnerability that could allow an authenticated remote attacker to access and download arbitrary files from the server where CCS is installed. Date published : 2020-03-10 https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf