Siemens created updates to mitigate a deserialization of untrusted data vulnerability in its Siveillance Video Management Software (VMS), according to a report with NCCIC.
Successful exploitation of this remotely exploitable vulnerability by the affected ports in .NET Remoting deserialization could allow elevation of privileges and/or cause a denial-of-service. Siemens self-reported the issue.
The following versions of Siveillance VMS, an IP video management software, suffer from the issue:
• Siveillance VMS 2016 R1, all versions prior to V10.0a
• Siveillance VMS 2016 R2, all versions prior to V10.1a
• Siveillance VMS 2016 R3, all versions prior to V10.2b
• Siveillance VMS 2017 R1, all versions prior to V11.1a
• Siveillance VMS 2017 R2, all versions prior to V11.2a
• Siveillance VMS 2018 R1, all versions prior to V12.1a
In the vulnerability, the recording server, management server, and management client on Ports 6473/TCP local connection only, 7474/TCP, 8966/TCP local connection only, and Port 9993/TCP use an exploitable .NET Framework Remoting deserialization level.
An attacker could exploit this vulnerability by accessing the vulnerable ports, allowing elevation of privileges or causing a denial-of-service; compromising confidentiality, integrity, and availability of the targeted system.
CVE-2018-7891 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.1.
The product sees action on a global basis.
No known public exploits specifically target this vulnerability. High skill level is needed to exploit.
Siemens released updates for several affected products and recommends users update to the new version:
• Siveillance VMS 2016 R1: Update to V10.0a
• Siveillance VMS 2016 R2: Update to V10.1a
• Siveillance VMS 2016 R3: Update to V10.2b
• Siveillance VMS 2017 R1: Update to V11.1a
• Siveillance VMS 2017 R2: Update to V11.2a
• Siveillance VMS 2018 R1: Update to V12.1a
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. In order to run the devices in a protected IT environment, Siemens specifically recommends users configure the environment according to Siemens’ Operational Guidelines for Industrial Security and follow the recommendations in the product manuals.
Click here for additional information on industrial security by Siemens.
For more information on this vulnerability and associated software updates, see Siemens security advisory SSA-457058.