ICSA-19-162-01 Siemens Siveillance VMS
Plan Patch | 8.8 | ICS-CERT ICSA-19-162-01 | Jun 11, 2019
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Siemens Siveillance VMS contains improper access control and authorization vulnerabilities (CWE-862, CWE-285) in versions 2017 R2 through 2019 R1. An authenticated user with network access to the VMS server could bypass authorization checks and execute arbitrary code with elevated privileges. The vulnerability affects the HTTP interface on port 80. No public exploits are currently known.
What this means
What could happen
An authenticated attacker with network access to the VMS server could execute arbitrary code with elevated privileges, allowing them to manipulate video surveillance recordings, shut down monitoring systems, or alter security alert configurations—compromising physical security monitoring and incident response capability at the facility.
Who's at risk
Video surveillance operators and security teams using Siemens Siveillance VMS for physical security monitoring at water utilities, power plants, chemical facilities, or other critical infrastructure. Any organization relying on VMS systems for facility access control logs, incident recording, or security alerting is affected.
How it could be exploited
An attacker with valid VMS user credentials and network access to port 80 (HTTP) on the Siveillance VMS server could send a malicious request that exploits improper access control or authorization checks. This allows the attacker to execute arbitrary commands on the VMS server, potentially gaining control over video feeds, recordings, and alert systems.
Prerequisites
- Valid user account credentials for the Siveillance VMS system
- Network access to the VMS server on port 80/TCP (HTTP)
- The VMS server must be running an affected version (2017 R2 through 2019 R1)
- remotely exploitable
- requires valid authentication
- affects security monitoring systems
- affects all major Siveillance releases from 2017-2019
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (5)
5 with fix
Product | Affected Versions | Fix Status
Siveillance VMS 2017 R2 | <V11.2a | v11.2a
Siveillance VMS 2018 R1 | <V12.1a | v12.1a
Siveillance VMS 2018 R2 | <V12.2a | v12.2a
Siveillance VMS 2018 R3 | <V12.3a | v12.3a
Siveillance VMS 2019 R1 | <V13.1a | v13.1a
Remediation & Mitigation
Do now
WORKAROUND: Block port 80/TCP at the external firewall to prevent unauthenticated access to the VMS server from untrusted networks
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update Siveillance VMS to the patched version appropriate for your release: v11.2a (2017 R2), v12.1a (2018 R1), v12.2a (2018 R2), v12.3a (2018 R3), or v13.1a (2019 R1)
Long-term hardening
HARDENING: Isolate the Siveillance VMS server on a dedicated network segment separate from the business network and enforce access controls to allow only authorized operator workstations
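Added example (not part of the advisory and not Siemens tooling): a triage script that checks an asset inventory against the fix table above and maps each host to the three remediation tiers. The version-string format (optional "V", major.minor, optional hotfix letter), the inventory field names and the sample hosts are assumptions made for illustration.

```python
import re

# Fixed versions per release, from the advisory's affected-products table.
FIXED = {"2017 R2": "11.2a", "2018 R1": "12.1a", "2018 R2": "12.2a",
         "2018 R3": "12.3a", "2019 R1": "13.1a"}

# Assumed version format: optional "V", major.minor, optional hotfix letter.
_VER = re.compile(r"^v?(\d+)\.(\d+)([a-z]?)$")

def parse_version(text):
    m = _VER.match(text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    # "" sorts before "a", so 12.1 < 12.1a when the tuples are compared.
    return int(m.group(1)), int(m.group(2)), m.group(3)

def triage(host):
    """Map one inventory record to the advisory's remediation tiers."""
    fixed = FIXED.get(host["release"])
    if fixed is None:
        return ["verify manually: release not listed in advisory"]
    try:
        affected = parse_version(host["version"]) < parse_version(fixed)
    except ValueError:
        return ["verify manually: unreadable version string"]
    if not affected:
        return []
    actions = []
    if host["port80_from_untrusted"]:
        actions.append("do now: block 80/TCP at the external firewall")
    actions.append(f"schedule: update to v{fixed}")
    if not host["dedicated_segment"]:
        actions.append("long-term: isolate on a dedicated segment")
    return actions

# Constructed inventory; host names and field names are illustrative.
INVENTORY = [
    {"name": "vms-a", "release": "2018 R1", "version": "V12.1",
     "port80_from_untrusted": True, "dedicated_segment": False},
    {"name": "vms-b", "release": "2019 R1", "version": "13.1a",
     "port80_from_untrusted": False, "dedicated_segment": True},
    {"name": "vms-c", "release": "2018 R3", "version": "12.3",
     "port80_from_untrusted": False, "dedicated_segment": True},
    {"name": "vms-d", "release": "2016 R3", "version": "10.2",
     "port80_from_untrusted": True, "dedicated_segment": False},
]

if __name__ == "__main__":
    for h in INVENTORY:
        print(h["name"], triage(h) or ["no action from this advisory"])
```

Hosts whose release is not in the table or whose version string does not parse are returned for manual verification rather than treated as unaffected.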