Improper Access Control Vulnerability in the Webhooks Implementation of Siveillance Video Management Servers
Advisory SSA-625934 | Feb 10, 2026 | Monitor | 6.3
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
The Webhooks implementation in Siveillance Video Management Servers contains an improper access control vulnerability (CWE-862) that allows an authenticated remote attacker with read-only privileges to bypass authorization checks and gain full access to the Webhooks API. This affects all versions of Siveillance Video V2023 R1 through V2025. An attacker could exploit this to modify webhook configurations, redirect security alerts, or manipulate event handling in the video management system.
What this means
What could happen
An authenticated attacker with read-only access to Siveillance Video could escalate privileges to gain full control of the Webhooks API, potentially allowing them to modify video feeds, redirect alerts, or alter event configurations across the video management system.
Who's at risk
Organizations using Siemens Siveillance Video Management Servers for security surveillance should prioritize this update. This affects video management infrastructure at facilities such as transportation hubs, municipal buildings, water utilities with security monitoring, and any industrial sites using Siveillance for physical security and event logging.
How it could be exploited
An attacker with valid read-only credentials (such as a low-privilege operator account) can send crafted requests to the Webhooks API endpoint to bypass access controls and gain administrative-level permissions. The attacker exploits improper privilege checking in the webhook implementation to escalate from read-only to full API control.
Prerequisites
- Valid user credentials with at least read-only access to Siveillance Video
- Network access to the Siveillance Video Management Server on the management port (typically port 443 or configured HTTPS port)
- Ability to reach the Webhooks API endpoints
- Remotely exploitable
- Requires valid credentials, but only a low privilege level
- Allows privilege escalation to full API control
- Affects video surveillance and alerting system configuration
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (5)
5 with fix
Product | Affected Versions | Fix Status
Siveillance Video V2023 R1 | All versions < V23.1 HotfixRev18 | 23.1 HotfixRev18
Siveillance Video V2023 R2 | All versions < V23.2 HotfixRev18 | 23.2 HotfixRev18
Siveillance Video V2023 R3 | All versions < V23.3 HotfixRev23 | 23.3 HotfixRev23
Siveillance Video V2024 R1 | All versions < V24.1 HotfixRev14 | 24.1 HotfixRev14
Siveillance Video V2025 | All versions < V25.1 HotfixRev8 | 25.1 HotfixRev8
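As an added triage helper (not part of the advisory and not Siemens code), the following checks installed Siveillance Video version strings against the fix table above. It assumes versions are written in the advisory's own "V23.1 HotfixRev18" notation (leading "V" optional) and that a build with no hotfix suffix counts as revision 0; the sample inventory is constructed.

```python
import re
from typing import Optional, Tuple

# Fixed hotfix revision per release branch, taken from the advisory's table.
FIXED_REVISION = {
    (23, 1): 18,  # V2023 R1 -> 23.1 HotfixRev18
    (23, 2): 18,  # V2023 R2 -> 23.2 HotfixRev18
    (23, 3): 23,  # V2023 R3 -> 23.3 HotfixRev23
    (24, 1): 14,  # V2024 R1 -> 24.1 HotfixRev14
    (25, 1): 8,   # V2025    -> 25.1 HotfixRev8
}

# Assumed version layout, modelled on the advisory's notation ("V23.1 HotfixRev18");
# the leading "V" and the hotfix suffix are both optional.
_VERSION_RE = re.compile(
    r"^\s*V?(?P<major>\d+)\.(?P<minor>\d+)(?:\s+HotfixRev(?P<rev>\d+))?\s*$",
    re.IGNORECASE,
)

def parse_version(text: str) -> Tuple[int, int, int]:
    """Return (major, minor, hotfix_rev); no hotfix suffix is treated as Rev0 (assumption)."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Siveillance Video version: {text!r}")
    rev = int(m.group("rev")) if m.group("rev") else 0
    return int(m.group("major")), int(m.group("minor")), rev

def is_vulnerable(installed: str) -> Optional[bool]:
    """True if below the SSA-625934 fix for its branch, False if at or above it,
    None if the branch is not listed in the advisory (needs manual review)."""
    major, minor, rev = parse_version(installed)
    fixed = FIXED_REVISION.get((major, minor))
    if fixed is None:
        return None
    return rev < fixed

if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = {
        "vms-lobby-01": "V23.1 HotfixRev17",   # one revision short of the fix
        "vms-lobby-02": "23.1 HotfixRev18",    # at the fix
        "vms-yard-01": "V24.1",                # no hotfix installed at all
        "vms-legacy-01": "V22.3 HotfixRev40",  # branch not covered by this advisory
    }
    for host, version in sample.items():
        print(f"{host}: {version} -> vulnerable={is_vulnerable(version)}")
```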
Remediation & Mitigation
Do now
HARDENING: Restrict network access to Siveillance Video management interfaces to authorized IP addresses and accounts only
HARDENING: Audit user accounts and remove unnecessary read-only accounts that do not require Webhooks API access
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
Siveillance Video V2023 R1
HOTFIX: Update Siveillance Video V2023 R1 to version 23.1 HotfixRev18 or later
Siveillance Video V2023 R2
HOTFIX: Update Siveillance Video V2023 R2 to version 23.2 HotfixRev18 or later
Siveillance Video V2023 R3
HOTFIX: Update Siveillance Video V2023 R3 to version 23.3 HotfixRev23 or later
Siveillance Video V2024 R1
HOTFIX: Update Siveillance Video V2024 R1 to version 24.1 HotfixRev14 or later
Siveillance Video V2025
HOTFIX: Update Siveillance Video V2025 to version 25.1 HotfixRev8 or later
CVEs (1)
API:
/api/v1/advisories/9e1a59c5-6ce6-4aad-9c2d-222b39c3b1d1