CVE-2019-6580

A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance VMS 2018 R3 (All versions < V12.3a), Siveillance VMS 2019 R1 (All versions < V13.1a). An attacker with network access to port 80/TCP could change device properties without authorization. No user interaction is required to exploit this security vulnerability. Successful exploitation compromises confidentiality, integrity and availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-212009.pdf	Patch Vendor Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-19-162-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:siemens:siveillance_video_management_software_2017_r2::::::::
	cpe:2.3:a:siemens:siveillance_video_management_software_2018_r1::::::::
	cpe:2.3:a:siemens:siveillance_video_management_software_2018_r2::::::::
	cpe:2.3:a:siemens:siveillance_video_management_software_2018_r3::::::::
	cpe:2.3:a:siemens:siveillance_video_management_software_2019_r1::::::::

History

No history.

Information

Published : 2019-06-12 14:29

Updated : 2023-12-10 12:59

NVD link : CVE-2019-6580

Mitre link : CVE-2019-6580

CVE.ORG link : CVE-2019-6580

JSON object : View

Products Affected

siemens

siveillance_video_management_software_2018_r2
siveillance_video_management_software_2019_r1
siveillance_video_management_software_2018_r3
siveillance_video_management_software_2017_r2
siveillance_video_management_software_2018_r1

CWE

CWE-862

Missing Authorization

{"id": "CVE-2019-6580", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-06-12T14:29:06.010", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-212009.pdf", "tags": ["Patch", "Vendor Advisory"], "source": "productcert@siemens.com"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-162-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "productcert@siemens.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-862"}]}, {"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance VMS 2018 R3 (All versions < V12.3a), Siveillance VMS 2019 R1 (All versions < V13.1a). An attacker with network access to port 80/TCP could change device properties without authorization. No user interaction is required to exploit this security vulnerability. Successful exploitation compromises confidentiality, integrity and availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en Siveillance VMS 2017 R2 (todas las versiones anteriores a la V11.2a), Siveillance VMS 2018 R1 (todas las versiones anteriores a la V12.1a), Siveillance VMS 2018 R2 (todas las versiones anteriores a la V12.2a), Siveillance VMS 2018 R3 (todas las versiones anteriores a la V12.3a), Siveillance VMS 2019 R1 (todas las versiones anteriores a la V13.1a). Un atacante con acceso de red al puerto 80 / TCP podr\u00eda cambiar las propiedades del dispositivo sin autorizaci\u00f3n. No se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad de seguridad. La explotaci\u00f3n con \u00e9xito compromete la confidencialidad, integridad y disponibilidad del sistema objetivo. En el momento de la publicaci\u00f3n de asesoramiento, no se conoc\u00eda la explotaci\u00f3n p\u00fablica de esta vulnerabilidad de seguridad."}], "lastModified": "2020-10-16T15:47:58.290", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:siveillance_video_management_software_2017_r2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57B38507-984D-40E9-A3A5-40B7BF29BDF7", "versionEndExcluding": "11.2a"}, {"criteria": "cpe:2.3:a:siemens:siveillance_video_management_software_2018_r1:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "323A9152-90F1-4222-8468-1C1843B30C21", "versionEndExcluding": "12.1a"}, {"criteria": "cpe:2.3:a:siemens:siveillance_video_management_software_2018_r2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA4F90DF-54F4-4757-BFBB-D3594B866B45", "versionEndExcluding": "12.2a"}, {"criteria": "cpe:2.3:a:siemens:siveillance_video_management_software_2018_r3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDA10332-9542-4C47-9870-BADDC276C160", "versionEndExcluding": "12.3a"}, {"criteria": "cpe:2.3:a:siemens:siveillance_video_management_software_2019_r1:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A8464AB-5EC6-4147-90B2-19ED8FB3A4E4", "versionEndExcluding": "13.1a"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}