CVE-2019-6580

9.8CRITICAL

Key Information:

Vendor
Siemens
Status
Siveillance Vms 2017 R2
Siveillance Vms 2018 R1
Siveillance Vms 2018 R2
Siveillance Vms 2018 R3
Vendor
CVE Published:
12 June 2019

Summary

A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance VMS 2018 R3 (All versions < V12.3a), Siveillance VMS 2019 R1 (All versions < V13.1a). An attacker with network access to port 80/TCP could change device properties without authorization. No user interaction is required to exploit this security vulnerability. Successful exploitation compromises confidentiality, integrity and availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Affected Version(s)

Siveillance VMS 2017 R2 All versions < V11.2a

Siveillance VMS 2018 R1 All versions < V12.1a

Siveillance VMS 2018 R2 All versions < V12.2a

References

https://cert-portal.siemens.com/productcert/pdf/ssa-21200...
x_refsource_MISC
https://ics-cert.us-cert.gov/advisories/ICSA-19-162-01
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.