OTPulse
FeedAboutContact

Siemens Siveillance Video Client

Monitor5.3ICS-CERT ICSA-20-252-05Sep 8, 2020
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

The Siveillance Video Client transmits authentication credentials in a way that allows interception when using NTLM authentication. An attacker with network access could capture these credentials, potentially gaining unauthorized access to video surveillance systems. The vulnerability is in how the client handles credential transmission rather than a code flaw. Siemens recommends switching to Kerberos authentication and applying network segmentation controls.

What this means
What could happen
An attacker with network access could intercept credentials transmitted by the Siveillance Video Client if NTLM authentication is in use, potentially gaining unauthorized access to video surveillance systems and monitoring infrastructure.
Who's at risk
Video surveillance operators and security personnel at water utilities, electric utilities, and other critical infrastructure using Siemens Siveillance Video Client for monitoring. Affects all versions of the Siveillance Video Client software.
How it could be exploited
An attacker on the same network segment as the Siveillance Video Client could perform a network sniffing or man-in-the-middle attack to capture unencrypted NTLM authentication credentials during login. With captured credentials, the attacker could authenticate to the video management system and access surveillance feeds or modify system configuration.
Prerequisites
  • Network access to the same segment as the Siveillance Video Client
  • Client configured to use NTLM authentication instead of Kerberos
  • No encryption or credential hardening controls in place between client and server
Remotely exploitableLow authentication complexityLow CVSS score but affects monitoring infrastructureNo vendor patch available
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
ProductAffected VersionsFix Status
Siveillance Video Client: All versionsAll versionsNo fix (EOL)
Remediation & Mitigation
0/3
Do now
0/1
WORKAROUNDSwitch Siveillance Video Client authentication from NTLM to Kerberos using the guidance in the Siveillance Video Hardening Guide
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HARDENINGRestrict network access to Siveillance Video Client to authorized workstations only via firewall rules
Mitigations - no patch available
0/1
Siveillance Video Client: All versions has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGSegment video surveillance network from business network using a firewall with access controls
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/a600bdb7-bef0-4830-9f68-8e4191172409
Siemens Siveillance Video Client | CVSS 5.3 - OTPulse