VDB

CVE-2019-6581

CVE-2019-6581 PUBLISHED CVSS 6.5 MEDIUM

A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance VMS 2018 R3 (All versions < V12.3a), Siveillance VMS 2019 R1 (All versions < V13.1a). An attacker with network access to port 80/TCP could change user roles without proper authorization. The security vulnerability could be exploited by an authenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation compromises confidentiality, integrity and availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.

EPSS 0.30% · 53.3th percentile

Risk Scores

CVSS 2.0
6.5
EPSS Score
0.30%
53.3th percentile

Affected Products

VendorProductVersions
siemenssiveillance_video_management_software_2017_r20
siemenssiveillance_video_management_software_2018_r20
siemenssiveillance_video_management_software_2018_r30
siemenssiveillance_video_management_software_2018_r10
Siemens AGSiveillance VMS 2017 R2All versions < V11.2a
Siemens AGSiveillance VMS 2018 R3*
Siemens AGSiveillance VMS 2019 R1All versions < V13.1a
siemenssiveillance_video_management_software_2019_r10
Siemens AGSiveillance VMS 2018 R2All versions < V12.2a
Siemens AGSiveillance VMS 2018 R1All versions < V12.1a

Exploit Intelligence

Timeline

  • Jun 11, 2019 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›