Vulnetix
Try Vulnetix Request Demo
CVE-2019-6582 PUBLISHED CVSS 7.099999904632568 HIGH

A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance VMS 2018 R3 (All versions < V12.3a), Siveillance VMS 2019 R1 (All versions < V13.1a). An attacker with network access to port 80/TCP can change user-defined event properties without proper authorization. The security vulnerability could be exploited by an authenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation compromises integrity of the user-defined event properties and the availability of corresponding functionality. At the time of advisory publication no public exploitation of this security vulnerability was known.

EPSS 0.17% · 37.9th percentile

Risk Scores

CVSS v3.1
7.099999904632568
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
EPSS Score
0.17%
37.9th percentile

Affected Products

VendorProductVersions
siemenssiveillance_video_management_software_2018_r30
siemenssiveillance_video_management_software_2018_r10
Siemens AGSiveillance VMS 2018 R3All versions < V12.3a
Siemens AGSiveillance VMS 2017 R2All versions < V11.2a
siemenssiveillance_video_management_software_2019_r10
Siemens AGSiveillance VMS 2018 R1All versions < V12.1a
siemenssiveillance_video_management_software_2018_r20
Siemens AGSiveillance VMS 2019 R1All versions < V13.1a
Siemens AGSiveillance VMS 2018 R2All versions < V12.2a
siemenssiveillance_video_management_software_2017_r20

Timeline

References

Open in Interactive Console →