CyberSecurity updates
Updated: 2024-10-22 03:04:26 Pacific


cisa.gov
Advanced Adversary Exploits Zero-Day Vulnerabilities in Siemens Siveillance Video Camera - 6d

A vulnerability has been discovered in Siemens’ Siveillance Video Camera software that allows attackers with access to the internal network to execute commands on the Recording Server with SYSTEM privileges. The vulnerability, tracked as CVE-2024-42640, affects all versions of Siveillance Video Camera prior to V13.2 and is classified as a classic buffer overflow. It is not exploitable remotely, and the attack complexity is high. Siemens has released version V13.2, which includes a fix, and recommends that users update to the latest version of Siveillance Video Camera as a mitigation measure.

cyble.com
Critical Vulnerabilities in Siemens, Rockwell Automation, and Delta Products: Impacting Industrial Control Systems (ICS) - 9h

Several critical vulnerabilities have been discovered in industrial control systems (ICS) products from Siemens, Rockwell Automation, and Delta Electronics. These vulnerabilities could allow attackers to execute arbitrary code, trigger denial-of-service conditions, or gain unauthorized access to sensitive information. One of the most concerning vulnerabilities is CVE-2024-41798, affecting Siemens’ SENTRON 7KM PAC3200 power monitoring device. This vulnerability exposes the device to brute-force attacks and unauthorized access through its Modbus TCP interface. Organizations using these ICS products are urged to prioritize patching and implementing robust security measures to mitigate the risks.


This site is an experimental news aggregator using feeds I personally follow. You can reach me using contacts documented at my website here (https://royans.net/) if you have feedback. You can also find Flathis at Mastodon.