OTPulse

Code Execution Vulnerabilities in Siveillance Video Event and Management Servers

Act Now · CVSS 9.9 · SSA-789345 · May 9, 2023
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Siveillance Video Event Server and Management Server components deserialize untrusted data without sufficient validation, enabling authenticated remote attackers to execute arbitrary code. Both the Event Server (ES) and Management Server (MS) are affected across all versions from 2020 R2 through 2023 R1. Siemens has released cumulative hotfix releases that address the vulnerability in both components; these must be applied to all relevant servers in the deployment.

What this means
What could happen
An attacker with valid credentials could execute arbitrary code on Siveillance Video servers, potentially disrupting surveillance operations, altering recorded footage, or gaining access to video management system controls.
Who's at risk
Facilities managers, security operations, and video surveillance teams running Siemens Siveillance Video systems should be concerned. This affects both Event Server and Management Server components across all versions from 2020 R2 through 2023 R1, impacting surveillance infrastructure at critical facilities including water authorities, power plants, and other utilities.
How it could be exploited
An attacker must obtain valid credentials for the Siveillance Video system (Event Server or Management Server). They then craft a malicious serialized object and send it to the vulnerable deserialization endpoint, causing the server to execute arbitrary code.
Prerequisites
  • Valid user credentials for Siveillance Video Event Server or Management Server
  • Network access to the Event Server or Management Server on its service port
  • Ability to send serialized data to the vulnerable component
Remotely exploitable · Requires authentication · Affects all major Siveillance Video versions · Low attack complexity · High CVSS score (9.9)
Exploitability
Moderate exploit probability (EPSS 1.9%)
Affected products (8)
8 with fix
Product | Affected Versions | Fix Status
Siveillance Video 2020 R2 | < V20.2 HotfixRev14 | 20.2 HotfixRev14
Siveillance Video 2020 R3 | < V20.3 HotfixRev12 | 20.3 HotfixRev12
Siveillance Video 2021 R1 | < V21.1 HotfixRev12 | 21.1 HotfixRev12
Siveillance Video 2021 R2 | < V21.2 HotfixRev8 | 21.2 HotfixRev8
Siveillance Video 2022 R1 | < V22.1 HotfixRev7 | 22.1 HotfixRev7
Siveillance Video 2022 R2 | < V22.2 HotfixRev5 | 22.2 HotfixRev5
Siveillance Video 2022 R3 | < V22.3 HotfixRev2 | 22.3 HotfixRev2
Siveillance Video 2023 R1 | < V23.1 HotfixRev1 | 23.1 HotfixRev1
Remediation & Mitigation
Do now
HARDENING: Restrict network access to Siveillance Event Server and Management Server ports to authorized personnel and systems only
HARDENING: Enforce strong authentication credentials and implement access control for Siveillance Video accounts
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Siveillance Video 2020 R2
HOTFIX: Update Siveillance Video 2020 R2 to V20.2 HotfixRev14 or later
Siveillance Video 2020 R3
HOTFIX: Update Siveillance Video 2020 R3 to V20.3 HotfixRev12 or later
Siveillance Video 2021 R1
HOTFIX: Update Siveillance Video 2021 R1 to V21.1 HotfixRev12 or later
Siveillance Video 2021 R2
HOTFIX: Update Siveillance Video 2021 R2 to V21.2 HotfixRev8 or later
Siveillance Video 2022 R1
HOTFIX: Update Siveillance Video 2022 R1 to V22.1 HotfixRev7 or later
Siveillance Video 2022 R2
HOTFIX: Update Siveillance Video 2022 R2 to V22.2 HotfixRev5 or later
Siveillance Video 2022 R3
HOTFIX: Update Siveillance Video 2022 R3 to V22.3 HotfixRev2 or later
Siveillance Video 2023 R1
HOTFIX: Update Siveillance Video 2023 R1 to V23.1 HotfixRev1 or later
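
One way to triage a server inventory against the fixed hotfix revisions listed above. This is an added example, not part of the advisory or any Siemens tooling. It assumes versions are recorded in the same "V20.2 HotfixRev14" form the advisory uses; the host names, roles and inventory rows are constructed.

```python
import re

# Minimum fixed cumulative hotfix revision per release line, from the advisory's table.
FIXED_REV = {
    (20, 2): 14, (20, 3): 12, (21, 1): 12, (21, 2): 8,
    (22, 1): 7, (22, 2): 5, (22, 3): 2, (23, 1): 1,
}

# Assumed inventory format: "V<major>.<minor>" optionally followed by "HotfixRev<n>".
VERSION_RE = re.compile(r"^V?(\d+)\.(\d+)(?:\s+HotfixRev(\d+))?$", re.IGNORECASE)

def classify(version):
    """Return 'vulnerable', 'fixed', 'out-of-scope' or 'unparseable'."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unparseable"          # never silently treat an unknown string as safe
    release = (int(m.group(1)), int(m.group(2)))
    rev = int(m.group(3) or 0)        # no hotfix recorded counts as revision 0
    if release not in FIXED_REV:
        return "out-of-scope"         # release line not listed in the advisory
    return "fixed" if rev >= FIXED_REV[release] else "vulnerable"

def triage(inventory):
    """Map each (host, role, version) row to a status; ES and MS are checked separately."""
    return {(host, role): classify(ver) for host, role, ver in inventory}

def needs_action(inventory):
    """Hosts to schedule: vulnerable ones plus anything that could not be classified."""
    return sorted({h for (h, _), s in triage(inventory).items()
                   if s in ("vulnerable", "unparseable")})

# Constructed sample inventory (host names and versions are illustrative only).
SAMPLE = [
    ("vms-01", "MS", "V22.3 HotfixRev1"),
    ("vms-01", "ES", "V22.3 HotfixRev2"),
    ("vms-02", "MS", "V23.1"),
    ("vms-03", "ES", "V20.2 HotfixRev14"),
    ("vms-04", "MS", "V19.1 HotfixRev3"),
    ("vms-05", "ES", "22.1-hf7"),
]

if __name__ == "__main__":
    for key, status in triage(SAMPLE).items():
        print(key, status)
    print("schedule:", needs_action(SAMPLE))
```

A host stays on the schedule until every component on it reports a fixed revision, and unparseable entries are flagged for manual review rather than assumed patched.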