Authentication Bypass Vulnerability in Siveillance Video Mobile Server
Act Now | CVSS 9.4 | SSA-640732 | Oct 21, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The mobile server component of Siveillance Video 2022 R2 contains an authentication bypass vulnerability (CWE-1390) that allows an unauthenticated remote attacker to access the application without a valid account. Affected versions are Siveillance Video Mobile Server V2022 R2 versions prior to V22.2a (80).
What this means
What could happen
An attacker could bypass authentication and gain unauthorized access to the Siveillance Video mobile server without credentials, potentially enabling theft of video footage, surveillance data manipulation, or unauthorized control of video system functions.
Who's at risk
Organizations operating Siemens Siveillance Video surveillance systems, particularly those managing security camera networks, facility monitoring, or access control systems that rely on the mobile server for remote video access. This affects system administrators and security personnel who depend on the server for authorized surveillance operations.
How it could be exploited
An attacker sends a crafted request to the mobile server over the network without providing valid credentials. The authentication bypass flaw allows the request to succeed, granting the attacker access to the application and its data. From there, the attacker can view, modify, or exfiltrate video content or system settings.
Prerequisites
- Network access to the Siveillance Video Mobile Server on its listening port
- No credentials required
- Mobile server must be running an affected version (V2022 R2 before 22.2a build 80)
Remotely exploitable | No authentication required | Low complexity attack | High CVSS score (9.4) | Affects surveillance/security systems
Exploitability
Moderate exploit probability (EPSS 1.2%)
Affected products (1)
Product | Affected Versions | Fix Status
Siveillance Video Mobile Server V2022 R2 | < V22.2a (80) | 22.2a (80)
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update Siveillance Video Mobile Server to version 22.2a (80) or later by applying the Mobile Server Installer hotfix
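To plan the maintenance window, the affected range above can be checked against an asset inventory. The following is an added example, not part of the advisory or of any Siemens tooling. It assumes version strings follow the advisory's own notation ("V22.2a (80)"); the host names, inventory values and the ordering of a missing hotfix letter or build number are constructed assumptions.

```python
import re

# Fixed release named in the advisory: 22.2a (80), in the V2022 R2 (22.2) line.
FIXED = (22, 2, "a", 80)

# Assumed string format, modelled on the advisory's notation "V22.2a (80)".
_VERSION_RE = re.compile(
    r"^\s*V?(\d+)\.(\d+)([a-z]?)\s*(?:\((\d+)\))?\s*$", re.IGNORECASE
)

def parse_version(text):
    """Return (major, minor, letter, build), or None if the string does not match."""
    m = _VERSION_RE.match(text or "")
    if not m:
        return None
    major, minor, letter, build = m.groups()
    return (int(major), int(minor), letter.lower(), int(build) if build else 0)

def classify(text):
    """Classify one reported version against the advisory's affected range."""
    v = parse_version(text)
    if v is None:
        return "unknown"        # route to manual review, never treat as safe
    if v[:2] != FIXED[:2]:
        return "out_of_scope"   # the advisory lists only the V2022 R2 line
    # Assumption: a missing letter sorts before "a" and a missing build before
    # any numbered build, so incomplete strings are flagged conservatively.
    return "fixed" if v[2:] >= FIXED[2:] else "affected"

def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(version) for host, version in inventory.items()}

# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "vms-mobile-01": "V22.2a (79)",
    "vms-mobile-02": "22.2a (80)",
    "vms-mobile-03": "22.2",
    "vms-mobile-04": "22.1a (40)",
    "vms-mobile-05": "2022 R2",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need their version confirmed by hand before they are treated as patched.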
CVEs (1)