OTPulse
FeedAboutContact

Siemens Siveillance Video Camera

Plan Patch7.8ICS-CERT ICSA-25-016-03Jan 14, 2025
Attack VectorLocal
Auth RequiredLow
ComplexityHigh
User InteractionNone needed
Summary

Several camera device drivers in the Siveillance Video Device Pack versions prior to 13.5 store camera credentials in driver log files when authentication fails. An attacker with local access to the Recording Server can read these log files and extract plaintext credentials, enabling unauthorized camera access. Siemens has released Device Pack version 13.5 which fixes the issue. The vulnerability has high attack complexity and requires local access, so remote exploitation is not possible.

What this means
What could happen
A local attacker with access to the Recording Server could read stored camera authentication credentials from log files, potentially allowing unauthorized access to video surveillance cameras and the data they contain.
Who's at risk
Video surveillance operators and plant IT staff responsible for Siemens Siveillance Video systems should be aware of this credential exposure risk. This affects recording servers that store camera authentication data and any facilities using Siveillance cameras for security monitoring.
How it could be exploited
An attacker with local access to the Recording Server can browse or read the camera device driver log files where failed authentication attempts are logged. If a camera credentials were used in a failed login, the attacker could extract those credentials from the plaintext log and use them to access the camera system.
Prerequisites
  • Local access to the Recording Server filesystem
  • Access to camera device driver log files
  • Knowledge of where log files are stored
Credential exposure in log filesRequires local access (not remote)Requires administrative or trusted-user privileges
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
Siveillance Video Device Pack<V13.513.5
Remediation & Mitigation
0/4
Do now
0/1
WORKAROUNDRestrict local access to the Recording Server and camera device driver log files to trusted personnel only
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Siveillance Video Device Pack to version 13.5 or later
Long-term hardening
0/2
HARDENINGPlace Siveillance Video systems behind firewalls and isolate from business network
HARDENINGMinimize or disable remote access unless required; use VPN if remote access is necessary
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/4573b57d-117f-4ef0-8a4d-8c2cfe37f5ee