Siemens Siveillance Video Management Servers

Monitor6.3ICS-CERT ICSA-26-043-07Feb 10, 2026

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

The Webhooks implementation in Siveillance Video Management Servers contains an authorization flaw (CWE-862) that allows an authenticated attacker with read-only privileges to escalate to full access of the Webhooks API. This affects versions V2023 R1, R2, R3, V2024 R1, and V2025. An attacker could exploit this to create or modify webhooks that execute unauthorized actions triggered by video events, potentially compromising facility security monitoring and enabling lateral movement within the facility network.

What this means

What could happen

An attacker with read-only credentials to the Siveillance Video Management Server could escalate privileges to full access of the Webhooks API, potentially allowing them to configure automated actions that could trigger malicious commands or data exfiltration tied to video events.

Who's at risk

Security and safety personnel operating Siemens Siveillance Video Management Servers used for facility surveillance and access control at water utilities, electric substations, and other critical infrastructure. This affects anyone using video management for security monitoring and event logging in operational environments.

How it could be exploited

An attacker with valid read-only user credentials accesses the Siveillance Video Management Server over the network. Through a privilege escalation flaw in the Webhooks API implementation, they bypass the read-only restriction and gain full administrative control of webhook configurations, enabling them to create or modify webhooks that execute arbitrary actions.

Prerequisites

Valid read-only credentials for Siveillance Video Management Server
Network access to the Management Server on the Webhooks API port
Siveillance Video running a vulnerable version (V23.1, V23.2, V23.3, V24.1, or V25.0)

remotely exploitablelow complexityaffects security systemsprivilege escalation from read-only to full access

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (5)

5 with fix

ProductAffected VersionsFix Status

Siveillance Video V2023 R1<V23.1 HotfixRev1823.1 HotfixRev18

Siveillance Video V2023 R2<V23.2 HotfixRev1823.2 HotfixRev18

Siveillance Video V2023 R3<V23.3 HotfixRev2323.3 HotfixRev23

Siveillance Video V2024 R1<V24.1 HotfixRev1424.1 HotfixRev14

Siveillance Video V2025<V25.1 HotfixRev825.1 HotfixRev8

Remediation & Mitigation

0/7

Do now

0/1

HARDENINGAudit role-based access control (RBAC) settings and restrict read-only access to only users who absolutely require it; treat read-only account credentials as high-privilege until patch is applied

Schedule — requires maintenance window

0/5

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Siveillance Video to V23.1 HotfixRev18 or later

HOTFIXUpdate Siveillance Video to V23.2 HotfixRev18 or later

HOTFIXUpdate Siveillance Video to V23.3 HotfixRev23 or later

HOTFIXUpdate Siveillance Video to V24.1 HotfixRev14 or later

HOTFIXUpdate Siveillance Video to V25.1 HotfixRev8 or later

Long-term hardening

0/1

HARDENINGImplement network segmentation to restrict access to Siveillance Video Management Server to authorized workstations and administration networks only

CVEs (1)

CVE-2025-0836

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/856c45da-62bb-44e3-b5c1-4112500b5a46