OTPulse

Siemens and Milestone Siveillance Video Open Network Bridge

Plan PatchCVSS 9.9ICS-CERT ICSA-21-103-15Apr 13, 2021
Siemens
Attack path
Attack VectorNetwork
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary

Siveillance Video Open Network Bridge contains a vulnerability in how it stores ONVIF user credentials. The vulnerability allows an authenticated remote attacker to retrieve and decrypt all ONVIF user credentials stored on the server. This could lead to unauthorized access to surveillance cameras and connected ONVIF devices. Siemens recommends applying hotfixes immediately for all affected versions (2018 R2 through 2020 R3). As a workaround, users can disable the Open Network Bridge if ONVIF functionality is not required. Network access to ONVIF services should be restricted with firewalls.

What this means
What could happen
An authenticated attacker could retrieve and decrypt all stored ONVIF user credentials from the Siveillance Video Open Network Bridge server, potentially gaining access to camera systems and other connected surveillance infrastructure that rely on those credentials.
Who's at risk
Water utilities and electric utilities that use Siemens Siveillance Video Open Network Bridge for surveillance of substations, water treatment plants, or other critical infrastructure. This includes any deployment where the ONVIF bridge is enabled to integrate IP cameras or ONVIF-compliant devices into the surveillance system.
How it could be exploited
An attacker with valid credentials to the Siveillance Video Open Network Bridge (ONVIF) can connect remotely to port 8080 or the configured ONVIF service port, then exploit the insecure credential storage mechanism to read and decrypt all user credentials stored on the ONVIF server, including those for integrated cameras and devices.
Prerequisites
  • Valid credentials (username and password) for the Siveillance Video Open Network Bridge
  • Network access to the ONVIF service port (typically port 8080 or configured ONVIF port)
  • Open Network Bridge (ONVIF) must be enabled (disabled by default, but enabled in many deployments)
Remotely exploitableAffects authentication and credential managementDefault configuration has ONVIF disabled (reduces immediate risk if defaults not changed)Requires valid credentials (reduces attack surface compared to no-auth vulnerabilities)Insecure credential storage allows decryption of all stored credentials
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (1)
ProductAffected VersionsFix Status
Siveillance Video Open Network Bridge2020 R32020 R22020 R1 and 5 moreNo fix yet
Remediation & Mitigation
0/4
Do now
0/2
WORKAROUNDDisable Open Network Bridge (ONVIF) if it is not actively used in your surveillance deployment
HARDENINGRestrict network access to ONVIF service ports using firewall rules; only allow trusted engineering and monitoring systems to connect
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXApply Siemens hotfix for your version of Siveillance Video Open Network Bridge (2018 R2 through 2020 R3)
Long-term hardening
0/1
HARDENINGIsolate surveillance and video infrastructure on a separate network segment from business systems and the Internet
View full CISA ICS-CERT advisory
API: /api/v1/advisories/966be7c7-c300-476d-9b16-9add53c51489

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.

Siemens and Milestone Siveillance Video Open Network Bridge | CVSS 9.9 - OTPulse