User Credentials Disclosure Vulnerability in Siveillance Video Open Network Bridge (ONVIF)
Act Now · 9.9 · SSA-853866 · Apr 13, 2021
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
A security vulnerability in Siemens Siveillance Video Open Network Bridge (ONVIF) allows an authenticated remote attacker to retrieve and decrypt all user credentials stored on the ONVIF server. The vulnerability results from insecure storage of ONVIF user credentials. Affected versions include 2020 R1, R2, R3 and five additional versions. Siemens recommends applying hotfixes for both Open Network Bridge and ONVIF Bridge installers at the earliest opportunity.
What this means
What could happen
An authenticated attacker could retrieve and decrypt all user credentials stored on the ONVIF server, potentially allowing them to access other video management systems and networked devices that share credentials or use the same authentication.
Who's at risk
Video surveillance operators and security teams managing Siemens Siveillance Video systems should prioritize this vulnerability. It affects organizations using Open Network Bridge or ONVIF Bridge (2020 R1 through 2020 R3) for IP video camera integration and management.
How it could be exploited
An attacker with valid credentials to the Siveillance system could connect to the Open Network Bridge server and exploit improper credential storage to extract and decrypt stored ONVIF user credentials, then use those credentials to pivot to other systems.
Prerequisites
- Valid authentication credentials for the Siveillance system
- Network access to the Open Network Bridge ONVIF server port
- Ability to query the ONVIF credential storage mechanism
- Requires valid credentials (authenticated)
- Affects credential storage mechanism
- Potential for lateral movement to other systems
- Multiple product versions affected
- Credential exposure severity
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product: Siveillance Video Open Network Bridge
Affected Versions: 2020 R3; 2020 R2; 2020 R1 and 5 more
Fix Status: No fix yet
Remediation & Mitigation
Do now
WORKAROUND: Change all ONVIF user credentials immediately after applying the hotfix to ensure compromised credentials are invalidated
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Apply the hotfix using the latest available installer for Open Network Bridge
HOTFIX: Apply the hotfix using the latest available installer for ONVIF Bridge
Long-term hardening
HARDENING: Enforce network segmentation to restrict direct access to the Open Network Bridge server to authorized video management personnel only
CVEs (1)