Siemens released an update to mitigate an improper certificate validation vulnerability in its Siveillance VMS Video Mobile App, according to a report with NCCIC.
Successful exploitation of this remotely exploitable vulnerability, discovered by Karsten Sohr from TZI Bremen, could allow an attacker in a privileged network position to read data from and write data to the encrypted communication channel between the app and a server.
Siemens reports the vulnerability affects the following Siveillance VMS Video Mobile Apps:
• Siveillance VMS Video for Android: all versions prior to V12.1a (2018 R1)
• Siveillance VMS Video for iOS: all versions prior to V12.1a (2018 R1)
The improper certificate validation could allow an attacker in a privileged network position to read data from and write data to the encrypted communication channel between the app and a server.
Exploitation requires a privileged network position that allows interception of the communication channel between the affected app and a server (such as man-in-the-middle). In addition, the attacker must be able to generate a certificate for which the validation algorithm produces a checksum identical to that of a trusted certificate.
CVE-2018-4849 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 4.8.
The product is used mainly in the commercial facilities sector and on a global basis.
No known public exploits specifically target this vulnerability. A high skill level is needed to exploit it.
Siemens has released the following updates and recommends all users update to the newest version:
1. Siveillance VMS Video for Android: Update to V12.1a (2018 R1)
2. Siveillance VMS Video for iOS: Update to V12.1a (2018 R1)
As a general security measure, Siemens recommends users protect network access to affected products with appropriate mechanisms. It also advises following recommended security practices in order to run the devices in a protected IT environment.
For more information on this vulnerability and associated mitigation practices, see the Siemens security advisory SSA-468514.