CVE-2022-43400
published 2022-10-21CVE-2022-43400: A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected…
PriorityP263critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.88%
54.7th percentile
A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Active Directory accounts that are part of Administrators group. This could allow an unauthenticated remote attacker to access the application without a valid account.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | siveillance_video_mobile_server | < 22.2a\(80\) | 22.2a\(80\) |
| siemens | siveillance_video_mobile_server_v2022_r2 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Target authentication bypass against Siveillance Video Mobile Server — look for unauthenticated remote login attempts to the mobile server component, especially using Active Directory accounts that are members of the built-in Administrators group ↗
- →Alert on successful authentication events to the Siveillance Video Mobile Server that lack a corresponding valid credential exchange — indicative of authentication bypass (CWE-1390 Weak Authentication) ↗
- →Monitor network traffic for remote, unauthenticated access attempts to the Mobile Server; exploitation requires no privileges and no user interaction (PR:N/UI:N) over the network (AV:N/AC:L) ↗
- ·Vulnerability only affects Siveillance Video Mobile Server V2022 R2 versions prior to V22.2a(80); patched installations are not affected ↗
- ·The authentication bypass specifically involves Active Directory accounts that are members of the built-in Administrators group; detection logic should focus on this account class ↗
- ·No known public exploits specifically target this vulnerability at time of advisory publication ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-vxr6-pwvm-cf57: A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22
ghsa_unreviewed·2022-10-21
CVE-2022-43400 [CRITICAL] CWE-1390 GHSA-vxr6-pwvm-cf57: A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22
A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Active Directory accounts that are part of Administrators group. This could allow an unauthenticated remote attacker to access the application without a valid account.
CISA ICS
Siemens Siveillance Video Mobile Server
cisa_ics·2022-10-25·CVSS 9.8
[CRITICAL] Siemens Siveillance Video Mobile Server
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens Siveillance Video Mobile Server
Last RevisedOctober 25, 2022
Alert CodeICSA-22-298-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.4
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: Siveillance Video 2022 R2
- Vulnerability: Weak Authentication
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to access the application without a valid account.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Siemens Siveillance Video, a mobile server, are affec
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-10-21
Published