OTPulse

Siemens Siveillance Video Mobile Server

Priority: Act Now
CVSS: 9.4
Source: ICS-CERT ICSA-22-298-03
Published: Oct 21, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

The Siveillance Video Mobile Server component (version 2022 R2 prior to V22.2a(80)) contains an authentication bypass vulnerability that allows an unauthenticated remote attacker to access the application without valid credentials. This affects the mobile server installer and any deployments of the Mobile Server component in Siveillance Video 2022 R2.

What this means
What could happen
An attacker could bypass authentication and gain unauthorized access to the Siveillance Video Mobile Server without credentials, potentially allowing them to view live video feeds, modify camera configurations, or disable surveillance monitoring across your facility.
Who's at risk
This affects any organization running Siemens Siveillance Video 2022 R2 for security surveillance, including water authorities, utilities, manufacturing plants, and municipal facilities that rely on video monitoring for asset protection or safety compliance. The mobile server allows remote viewing and management of cameras, so an unauthorized user could view sensitive facility layouts or disable monitoring.
How it could be exploited
An attacker on the network sends a specially crafted request to the mobile server (port typically 443 or 80) that exploits the authentication bypass. The server accepts the request without validating credentials, granting the attacker access to the administrative interface and video streams.
Prerequisites
  • Network access to the Siveillance Video Mobile Server on the applicable port (HTTP/HTTPS)
  • Mobile server running version 2022 R2 prior to V22.2a(80)
  • Mobile server internet-facing or accessible from an untrusted network segment
Tags: Remotely exploitable · No authentication required · Low complexity attack · High CVSS (9.4) · Affects surveillance/security systems
Exploitability
Moderate exploit probability (EPSS 1.2%)
Affected products (1)
Product: Siveillance Video Mobile Server V2022 R2
Affected Versions: < V22.2a (80)
Fix Status: fixed in V22.2a (80)
Remediation & Mitigation
Do now
WORKAROUND: Enable the feature 'Servers > Mobile Servers > Deny the built-in Administrators role access to the mobile servers' on all configured mobile servers
HARDENING: Restrict network access to the mobile server using firewall rules—do not expose to the Internet
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Apply Siveillance Video 2022 R2 hotfix to update Mobile Server to V22.2a(80) or later
Long-term hardening
HARDENING: Isolate Siveillance Video infrastructure behind a firewall and on a separate network segment from business systems
HARDENING: Require VPN or secure remote access methods if the mobile server must be accessed remotely