Design/Logic Flaw

2023-05-0913:15:00

PRIOn knowledge base

www.prio-n.com

siveillance video

management server

vulnerability

remote code execution

deserialization

8.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.7%

JSON

A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions < V21.1 HotfixRev12), Siveillance Video 2021 R2 (All versions < V21.2 HotfixRev8), Siveillance Video 2022 R1 (All versions < V22.1 HotfixRev7), Siveillance Video 2022 R2 (All versions < V22.2 HotfixRev5), Siveillance Video 2022 R3 (All versions < V22.3 HotfixRev2), Siveillance Video 2023 R1 (All versions < V23.1 HotfixRev1). The Management Server component of affected applications deserializes data without sufficient validations. This could allow an authenticated remote attacker to execute code on the affected system.

CPENameOperatorVersion
siveillance_videoeq2023 r1
siveillance_videoeq2022 r3
siveillance_videoeq2022 r1
siveillance_videoeq2022 r2
siveillance_videoeq2021 r1
siveillance_videoeq2021 r2
siveillance_videoeq2020 r3
siveillance_videoeq2020 r2

Name	Operator	Version
siveillance_video	eq	2023 r1
siveillance_video	eq	2022 r3
siveillance_video	eq	2022 r1
siveillance_video	eq	2022 r2
siveillance_video	eq	2021 r1
siveillance_video	eq	2021 r2
siveillance_video	eq	2020 r3
siveillance_video	eq	2020 r2

References

cert-portal.siemens.com/productcert/pdf/ssa-789345.pdf