CVE-2023-30899

high-risk
Published 2023-05-09

A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions < V21.1 HotfixRev12), Siveillance Video 2021 R2 (All versions < V21.2 HotfixRev8), Siveillance Video 2022 R1 (All versions < V22.1 HotfixRev7), Siveillance Video 2022 R2 (All versions < V22.2 HotfixRev5), Siveillance Video 2022 R3 (All versions < V22.3 HotfixRev2), Siveillance Video 2023 R1 (All versions < V23.1 HotfixRev1). The Management Server component of affected applications deserializes data without sufficient validations. This could allow an authenticated remote attacker to execute code on the affected system.

Do I need to act?

~
1.9% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.9/10 Critical
NETWORK / LOW complexity

Affected Products (8)

Siveillance Video
Siveillance Video
Siveillance Video
Siveillance Video
Siveillance Video
Siveillance Video
Siveillance Video
Siveillance Video

Affected Vendors

Siemens

References (2)

Vendor Advisory https://cert-portal.siemens.com/productcert/pdf/ssa-789345.pdf
Vendor Advisory https://cert-portal.siemens.com/productcert/pdf/ssa-789345.pdf
52
/ 100
high-risk
Severity 33/34 · Critical
Exploitability 5/34 · Minimal
Exposure 14/34 · Moderate