cbcvebase.
CVE-2019-6580
published 2019-06-12

CVE-2019-6580: A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018…

PriorityP261critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.67%
73.8th percentile
A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance VMS 2018 R3 (All versions < V12.3a), Siveillance VMS 2019 R1 (All versions < V13.1a). An attacker with network access to port 80/TCP could change device properties without authorization. No user interaction is required to exploit this security vulnerability. Successful exploitation compromises confidentiality, integrity and availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Affected

10 ranges
VendorProductVersion rangeFixed in
siemenssiveillance_video_management_software_2017_r2< 11.2a11.2a
siemenssiveillance_video_management_software_2018_r1< 12.1a12.1a
siemenssiveillance_video_management_software_2018_r2< 12.2a12.2a
siemenssiveillance_video_management_software_2018_r3< 12.3a12.3a
siemenssiveillance_video_management_software_2019_r1< 13.1a13.1a
siemens_agsiveillance_vms_2017_r2
siemens_agsiveillance_vms_2018_r1
siemens_agsiveillance_vms_2018_r2
siemens_agsiveillance_vms_2018_r3
siemens_agsiveillance_vms_2019_r1

Detection & IOCsextracted from sources · hover to see the quote

port80/TCP
  • Monitor for unauthorized device property change requests arriving over port 80/TCP on Siveillance VMS systems, particularly from low-privileged or unauthenticated network sources.
  • Block or alert on inbound connections to port 80/TCP at the network perimeter for Siveillance VMS deployments as a detection/prevention boundary.
  • ·Exploitation requires only network access (low privilege, no user interaction), meaning any host with reachability to port 80/TCP on the VMS server is a potential attacker — perimeter controls alone are insufficient if the attacker is already on the network segment.
  • ·No public exploits were known at advisory publication time, but the low skill level required (CVSS AC:L, PR:L) means the attack surface is broad and exploitation is straightforward once network access is obtained.
  • ·All five affected release branches (2017 R2 through 2019 R1) share the same vulnerable port/protocol vector; patched versions are v11.2a, v12.1a, v12.2a, v12.3a, and v13.1a respectively.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.