Siemens Siveillance Video Management Servers
Monitor · CVSS 6.3 · ICS-CERT ICSA-26-043-07 · Feb 10, 2026
Siemens
Attack path
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
The Webhooks implementation in Siveillance Video Management Servers contains an access control vulnerability (CWE-862) that allows an authenticated attacker with read-only user privileges to escalate to full access on the Webhooks API. This bypasses intended role-based access controls and enables the attacker to perform administrative actions on webhook configurations despite having restricted permissions. The vulnerability affects multiple versions of Siveillance Video (2023 R1 through 2025).
What this means
What could happen
An authenticated user with read-only access to Siveillance Video Management Server could escalate privileges to gain full control over the Webhooks API, potentially allowing them to modify video surveillance configurations, trigger automated alerting actions, or redirect video feeds.
Who's at risk
Organizations operating Siemens Siveillance Video Management Servers for surveillance and security monitoring in critical infrastructure, including utilities, transportation, and manufacturing facilities. Anyone managing user access to these systems should be concerned about unauthorized privilege escalation through read-only accounts.
How it could be exploited
An attacker with a read-only user account on the Siveillance Video Management Server accesses the Webhooks API endpoint. Due to improper access control, the API fails to validate that the user should have restricted privileges, allowing the attacker to create, modify, or delete webhooks despite their read-only role assignment.
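The missing check described above, modeled as an added example that is not Siemens code or the product's actual API: one handler only verifies that the caller is logged in, the other authorizes each action against the caller's role and denies by default. All names here (`Session`, `WebhookStore`, `ROLE_PERMISSIONS`, the role and action strings) are hypothetical.

```python
# Illustrative model of CWE-862 (missing authorization). All names are
# hypothetical and do not reflect the Siveillance Video Webhooks API.
from dataclasses import dataclass

# Role -> actions permitted on webhook configuration (anything else is denied).
ROLE_PERMISSIONS = {
    "read_only": {"list"},
    "administrator": {"list", "create", "update", "delete"},
}

@dataclass
class Session:
    user: str
    role: str
    authenticated: bool = True

class Forbidden(Exception):
    pass

class WebhookStore:
    def __init__(self):
        self.hooks = {}

    def apply(self, action, name=None, url=None):
        # Perform the requested action and return the current webhook names.
        if action in ("create", "update"):
            self.hooks[name] = url
        elif action == "delete":
            self.hooks.pop(name, None)
        return sorted(self.hooks)

def handle_vulnerable(store, session, action, **kw):
    # Weak: checks only that the caller is logged in, never the role.
    if not session.authenticated:
        raise Forbidden("login required")
    return store.apply(action, **kw)

def handle_hardened(store, session, action, **kw):
    # Corrected: every action is authorized against the caller's role;
    # unknown roles and unknown actions fall through to a denial.
    if not session.authenticated:
        raise Forbidden("login required")
    if action not in ROLE_PERMISSIONS.get(session.role, set()):
        raise Forbidden(f"{session.role} may not {action} webhooks")
    return store.apply(action, **kw)
```
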
Prerequisites
- Valid read-only user account on Siveillance Video Management Server
- Network access to the Management Server and Webhooks API endpoint
- Knowledge of Webhooks API structure or ability to discover it through the interface
remotely exploitable · authentication required (read-only account) · low complexity · privilege escalation vulnerability · affects security infrastructure (video surveillance)
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (5)
5 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Siveillance Video V2023 R1 | <V23.1 HotfixRev18 | 23.1 HotfixRev18 |
| Siveillance Video V2023 R2 | <V23.2 HotfixRev18 | 23.2 HotfixRev18 |
| Siveillance Video V2023 R3 | <V23.3 HotfixRev23 | 23.3 HotfixRev23 |
| Siveillance Video V2024 R1 | <V24.1 HotfixRev14 | 24.1 HotfixRev14 |
| Siveillance Video V2025 | <V25.1 HotfixRev8 | 25.1 HotfixRev8 |
Remediation & Mitigation
Do now
WORKAROUND: Audit and restrict read-only user role assignments until patches are applied; treat read-only accounts as having full Webhooks API access
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
Siveillance Video V2023 R1
HOTFIX: Update Siveillance Video V2023 R1 to 23.1 HotfixRev18 or later
Siveillance Video V2023 R2
HOTFIX: Update Siveillance Video V2023 R2 to 23.2 HotfixRev18 or later
Siveillance Video V2023 R3
HOTFIX: Update Siveillance Video V2023 R3 to 23.3 HotfixRev23 or later
Siveillance Video V2024 R1
HOTFIX: Update Siveillance Video V2024 R1 to 24.1 HotfixRev14 or later
Siveillance Video V2025
HOTFIX: Update Siveillance Video V2025 to 25.1 HotfixRev8 or later
CVEs (1)