System Configuration Password Reset in Siveillance Video V2024 R1

Monitor5.5SSA-552330May 14, 2025

Attack VectorNetwork

Auth RequiredHigh

ComplexityHigh

User InteractionNone needed

Summary

The installer for Siveillance Video V2024 R1 automatically resets the system configuration password during upgrades from older versions. This removal of password protection affects both system configuration files and backup datasets created after the update. Siemens recommends manually resetting the system configuration password and implementing network access controls as compensating security measures, with no firmware fix currently available.

What this means

What could happen

An administrator updating Siveillance Video to V2024 R1 may lose password protection on system configuration files, potentially allowing unauthorized access to surveillance settings and backup data. This could enable an attacker with system access to modify surveillance parameters or export video evidence.

Who's at risk

Video surveillance system administrators and security personnel at facilities running Siemens Siveillance Video. This affects organizations that rely on surveillance for security monitoring, including airports, transit systems, critical infrastructure sites, and other facilities where unauthorized changes to recording settings could impact safety and security operations.

How it could be exploited

An attacker with access to the Siveillance Video system (such as a facility staff member or someone who has gained network access) could locate the unprotected system configuration files after an upgrade to V2024 R1 and modify surveillance settings, disable recording, or extract backup data without authentication.

Prerequisites

Administrative or local/network access to Siveillance Video system
System must have been upgraded from a pre-V2024 R1 version to V2024 R1
Knowledge that configuration files are now unprotected (unless administrator manually resets password)

password protection removed by automatic installer actionaffects configuration files and backup datano vendor patch plannedcould allow unauthorized modification of surveillance settings

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (1)

ProductAffected VersionsFix Status

Siveillance Video≥ V24.1No fix yet

Remediation & Mitigation

0/4

Do now

0/2

WORKAROUNDManually reset the system configuration password immediately after updating to V2024 R1

HARDENINGVerify that password protection is re-enabled on all system configuration files and backup datasets

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGImplement network access controls to limit which systems and users can reach Siveillance Video management interfaces

HARDENINGReview access logs for any unauthorized modifications to system configuration or backups that occurred after the V2024 R1 upgrade

CVEs (1)

CVE-2025-1688

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/a3de2b56-766e-4cb9-8ccf-144cc0d0aed3