CVE-2019-6580

moderate-risk

Published 2019-06-12

A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance VMS 2018 R3 (All versions < V12.3a), Siveillance VMS 2019 R1 (All versions < V13.1a). An attacker with network access to port 80/TCP could change device properties without authorization. No user interaction is required to exploit this security vulnerability. Successful exploitation compromises confidentiality, integrity and availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Do I need to act?

0.38% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (5)

Siveillance Video Management Software 2017 R2

Siveillance Video Management Software 2018 R1

Siveillance Video Management Software 2018 R2

Siveillance Video Management Software 2018 R3

Siveillance Video Management Software 2019 R1

Affected Vendors

Siemens

References (4)

Patch https://cert-portal.siemens.com/productcert/pdf/ssa-212009.pdf

Third Party Advisory https://ics-cert.us-cert.gov/advisories/ICSA-19-162-01

Patch https://cert-portal.siemens.com/productcert/pdf/ssa-212009.pdf

Third Party Advisory https://ics-cert.us-cert.gov/advisories/ICSA-19-162-01

/ 100

moderate-risk

Severity 32/34 · Critical

Exploitability 1/34 · Minimal

Exposure 12/34 · Low