OTPulse

Siemens Siveillance Identity

Plan Patch | 7.5 | ICS-CERT ICSA-21-350-14 | Dec 14, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Siveillance Identity v1.5 (all versions) and v1.6 (prior to v1.6.284.0) contain multiple vulnerabilities allowing unauthenticated remote attackers to access or modify internal application resources. The vulnerabilities require only network access to the affected server; no credentials, user interaction, or special configuration is needed. These resources could include identity, credential, or access control data used by physical security and surveillance systems.

What this means
What could happen
An unauthenticated attacker on the network could access or modify internal resources in Siveillance Identity without requiring credentials, potentially compromising identity and access control functions for physical systems managed through this platform.
Who's at risk
Organizations running Siemens Siveillance Identity for surveillance and identity management in security operations centers should be concerned. This affects any facility using Siveillance Identity v1.5 or v1.6 (prior to 1.6.284.0) for camera, access control, or other physical security system integration.
How it could be exploited
An attacker with network access to Siveillance Identity could send crafted requests to internal application endpoints to read or modify resources without authentication. No user interaction or special configuration is required; the attack works against default installations.
Prerequisites
  • Network access to the Siveillance Identity server on its listening port (typically HTTP/HTTPS)
  • No credentials required
  • System must be running an affected version (v1.5 any version, or v1.6 prior to 1.6.284.0)
remotely exploitable | no authentication required | low complexity | affects identity and access control systems
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
Siveillance Identity V1.5 | All versions | 1.6.284.0
Siveillance Identity V1.6 | <V1.6.284.0 | 1.6.284.0
Remediation & Mitigation
Do now
HARDENING: Restrict network access to Siveillance Identity servers using firewall rules or network segmentation; limit to authorized administrative workstations and control system networks only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Siveillance Identity V1.5
HOTFIX: Update Siveillance Identity v1.5 to version 1.6.284.0 or later, or apply version 1.5 SP4 and the Credential Path Tool
Siveillance Identity V1.6
HOTFIX: Update Siveillance Identity v1.6 to version 1.6.284.0 or later