Vulnerability in Siveillance Control Allows Write Privileges for Read-Only Users
CVE-2023-45793

5.5MEDIUM

Key Information:

Vendor
Siemens
Status
Siveillance Control
Vendor
CVE Published:
12 March 2024

Summary

A significant access control vulnerability exists in Siemens Siveillance Control across versions starting from V2.8 and prior to V3.1.1. This flaw arises from improper validation of access groups assigned to users, potentially allowing a locally logged on user to elevate their permissions. Such users could gain unauthorized write access to objects, despite having only read permissions initially. This vulnerability presents serious implications for data integrity and security within affected systems.

Affected Version(s)

Siveillance Control V2.8

References

https://cert-portal.siemens.com/productcert/html/ssa-1451...

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.