Advanced Adversary Exploits Zero-Day Vulnerabilities in Siemens Siveillance Video Camera

cisa.gov

Advanced Adversary Exploits Zero-Day Vulnerabilities in Siemens Siveillance Video Camera - 6d

A vulnerability has been discovered in Siemens’ Siveillance Video Camera software, which allows attackers with access to the internal network to execute commands on the Recording Server with SYSTEM privileges. The vulnerability, tracked as CVE-2024-42640, affects all versions of Siveillance Video Camera prior to V13.2. It is classified as a classic buffer overflow. The vulnerability is not exploitable remotely, and the attack complexity is high. This vulnerability could be exploited by an attacker who gains access to the internal network. Siemens has released version V13.2, which includes a fix for the vulnerability. The company recommends that users update to the latest version of Siveillance Video Camera as a mitigation measure.

References:

cert-portal.siemens.com - Siemens Security Advisory - 6d
community.se.com - Data Center Expert Security Handbook - 6d
ICS Advisories - Siemens Siveillance Video Camera - 6d
ICS Advisories - Schneider Electric Data Center Expert - 6d
support.industry.siemens.com - Siemens Support Portal for Siveillance Video Camera - 6d

Classification:

HashTags: Siemens Siveillance Vulnerability
Company: Siemens
Target: Various Organizations
Product: Siveillance Video Camera
Feature: Classic Buffer Overflow
Type: Vulnerability
Severity: Medium

This site is an experimental news aggregator using feeds I personally follow. You can reach me using contacts documented at my website here (https://royans.net/) if you have feedback. You can also find Flathis at Mastodon.

FlagThis

Advanced Adversary Exploits Zero-Day Vulnerabilities in Siemens Siveillance Video Camera - 6d

References:

Classification: