CVE-2019-6580
published 2019-06-12CVE-2019-6580: A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018…
PriorityP261critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.67%
73.8th percentile
A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance VMS 2018 R3 (All versions < V12.3a), Siveillance VMS 2019 R1 (All versions < V13.1a). An attacker with network access to port 80/TCP could change device properties without authorization. No user interaction is required to exploit this security vulnerability. Successful exploitation compromises confidentiality, integrity and availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | siveillance_video_management_software_2017_r2 | < 11.2a | 11.2a |
| siemens | siveillance_video_management_software_2018_r1 | < 12.1a | 12.1a |
| siemens | siveillance_video_management_software_2018_r2 | < 12.2a | 12.2a |
| siemens | siveillance_video_management_software_2018_r3 | < 12.3a | 12.3a |
| siemens | siveillance_video_management_software_2019_r1 | < 13.1a | 13.1a |
| siemens_ag | siveillance_vms_2017_r2 | — | — |
| siemens_ag | siveillance_vms_2018_r1 | — | — |
| siemens_ag | siveillance_vms_2018_r2 | — | — |
| siemens_ag | siveillance_vms_2018_r3 | — | — |
| siemens_ag | siveillance_vms_2019_r1 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for unauthorized device property change requests arriving over port 80/TCP on Siveillance VMS systems, particularly from low-privileged or unauthenticated network sources. ↗
- →Block or alert on inbound connections to port 80/TCP at the network perimeter for Siveillance VMS deployments as a detection/prevention boundary. ↗
- ·Exploitation requires only network access (low privilege, no user interaction), meaning any host with reachability to port 80/TCP on the VMS server is a potential attacker — perimeter controls alone are insufficient if the attacker is already on the network segment. ↗
- ·No public exploits were known at advisory publication time, but the low skill level required (CVSS AC:L, PR:L) means the attack surface is broad and exploitation is straightforward once network access is obtained. ↗
- ·All five affected release branches (2017 R2 through 2019 R1) share the same vulnerable port/protocol vector; patched versions are v11.2a, v12.1a, v12.2a, v12.3a, and v13.1a respectively. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Siemens Siveillance VMS
cisa_ics·2019-06-11·CVSS 9.8
[CRITICAL] Siemens Siveillance VMS
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens Siveillance VMS
Last RevisedJune 11, 2019
Alert CodeICSA-19-162-01
## 1. EXECUTIVE SUMMARY
-
CVSS v3 8.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Siemens
- Equipment: Siveillance VMS
- Vulnerabilities: Improper Authorization, Incorrect User Management, Missing Authorization
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker with network access to Port 80/TCP to change device properties, user roles, and user-defined event properties.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The foll
GHSA
GHSA-pp4q-v66w-48fm: A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11
ghsa_unreviewed·2022-05-24
CVE-2019-6580 [CRITICAL] GHSA-pp4q-v66w-48fm: A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11
A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance VMS 2018 R3 (All versions < V12.3a), Siveillance VMS 2019 R1 (All versions < V13.1a). An attacker with network access to port 80/TCP could change device properties without authorization. No user interaction is required to exploit this security vulnerability. Successful exploitation compromises confidentiality, integrity and availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-06-12
Published