OTPulse

Siemens Siveillance Video Camera

MonitorCVSS 6.7ICS-CERT ICSA-24-289-01Oct 10, 2024
Siemens
Attack path
Attack VectorAdjacent
Auth RequiredNone
ComplexityHigh
User InteractionRequired
Summary

Several camera device drivers in the Siemens Siveillance Video Device Pack contain a buffer overflow vulnerability. This vulnerability could allow an attacker with local or adjacent network access to execute code with the permissions of the Recording Server user. The vulnerability requires strict conditions to be exploited and has high attack complexity. Siemens has released Device Pack version 13.2 or later as a fix.

What this means
What could happen
An attacker could execute code on the Siveillance Recording Server if they can interact with a vulnerable camera device driver, potentially allowing them to access video streams, modify recordings, or disrupt surveillance operations.
Who's at risk
Organizations operating Siemens Siveillance Video surveillance systems should care about this vulnerability. It affects surveillance infrastructure at water authorities, municipal facilities, and industrial plants that rely on Siemens camera devices for monitoring critical areas. The vulnerability could compromise the integrity of video monitoring and allow unauthorized access to surveillance systems.
How it could be exploited
An attacker must have local or adjacent network access to a Siveillance Video Device Pack with a vulnerable camera driver version, trigger specific conditions to overflow a buffer in the camera driver code, and execute arbitrary code with the permissions of the Recording Server user.
Prerequisites
  • Local or adjacent network access to Siveillance Video Device Pack
  • Vulnerable camera driver version (below V13.2)
  • Ability to interact with or send crafted input to a vulnerable camera device
  • High attack complexity conditions must be met
Buffer overflow vulnerabilityHigh attack complexityNot remotely exploitableRequires local or adjacent network accessNo public exploitation reported
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
ProductAffected VersionsFix Status
Siveillance Video Device Pack<V13.213.2
Remediation & Mitigation
0/3
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Siveillance Video Device Pack to version 13.2 or later
Long-term hardening
0/2
HARDENINGRestrict network access to Siveillance Video devices by placing them behind a firewall and isolating the surveillance network from the business network
HARDENINGImplement network segmentation to ensure Siveillance Video devices are not directly accessible from the internet
View full CISA ICS-CERT advisory
API: /api/v1/advisories/e6f9ab76-578f-419b-a394-5cce9f80ba13

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.