Unauthorized Modification in Siveillance VMS by Siemens
CVE-2019-6582

7.1HIGH

Key Information:

Vendor: Siemens
Status: Siveillance Vms 2017 R2; Siveillance Vms 2018 R1; Siveillance Vms 2018 R2; Siveillance Vms 2018 R3
Vendor: CVE Published:; 12 June 2019

Summary

A vulnerability in Siemens Siveillance VMS allows attackers with network access to port 80/TCP to modify user-defined event properties without proper authorization. This issue affects multiple versions of the product, enabling an authenticated attacker to exploit the service without requiring user interaction. The successful exploitation of this vulnerability compromises the integrity of the event properties and may affect the availability of related functionalities. As of the advisory's publication, there has been no known public exploitation of this vulnerability.

Affected Version(s)

Siveillance VMS 2017 R2 All versions < V11.2a

Siveillance VMS 2018 R1 All versions < V12.1a

Siveillance VMS 2018 R2 All versions < V12.2a

References

https://cert-portal.siemens.com/productcert/pdf/ssa-21200...

x_refsource_MISC

https://ics-cert.us-cert.gov/advisories/ICSA-19-162-01

x_refsource_MISC

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 12, 2019
Vulnerability Reserved
Jan 22, 2019