Siemens Siveillance Video Camera

Plan PatchCVSS 7.8ICS-CERT ICSA-25-016-03Jan 14, 2025

Siemens

Attack path

Attack VectorLocal

Auth RequiredLow

ComplexityHigh

User InteractionNone needed

Summary

Camera device drivers in the Siveillance Video Device Pack versions before 13.5 store camera authentication credentials in plaintext log files when authentication fails. An attacker with local access to the Recording Server can read these log files to obtain camera credentials. This affects confidentiality of camera access and could enable unauthorized access to video surveillance systems.

What this means

What could happen

A local attacker with access to the Recording Server could read camera login credentials stored in log files when authentication failures occur, potentially gaining access to camera streams and compromising video surveillance integrity.

Who's at risk

Video surveillance operators and security personnel managing Siemens Siveillance installations, particularly those using Recording Servers that aggregate camera feeds from multiple device drivers in utility, transportation, or other critical infrastructure environments.

How it could be exploited

An attacker with local access to the Recording Server can read the driver log files where camera credentials are stored after failed authentication attempts. This requires physical or administrative access to the server filesystem to retrieve the plaintext credentials.

Prerequisites

Local access to the Recording Server filesystem
Access to driver log files on the Recording Server
Knowledge that log files contain camera credentials

Local access required for exploitationHigh attack complexityAffects surveillance systemsCredential exposure vulnerabilityNo remote exploitation possible

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (1)

ProductAffected VersionsFix Status

Siveillance Video Device Pack<V13.513.5

Remediation & Mitigation

0/3

Do now

0/2

WORKAROUNDRestrict local access to driver log files on the Recording Server to trusted personnel only

HARDENINGImplement file-level access controls and audit logging on the Recording Server to track access to driver log files

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Siveillance Video Device Pack to version 13.5 or later

CVEs (1)

CVE-2024-12569

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/4573b57d-117f-4ef0-8a4d-8c2cfe37f5ee

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.