ICSA-21-103-15
PUBLISHED
CVSS 9.9 CRITICAL
Siemens has released hotfixes for Siveillance Video Open Network Bridge (ONVIF) that fix a security vulnerability related to insecure storage of ONVIF user credentials. The vulnerability could allow an authenticated remote attacker to retrieve and decrypt all user credentials stored on the ONVIF server. Siemens recommends applying the hotfixes at the earliest opportunity. See also the chapter Additional Information for how to apply the hotfix.
Risk Scores
CVSS 3.1
9.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Siveillance Video Open Network Bridge | |
Timeline
- Apr 13, 2021 CVE Published
- May 6, 2025 CVE Updated
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-853866.json advisory
- https://cert-portal.siemens.com/productcert/txt/ssa-853866.txt advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-853866.pdf advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-103-15.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-21-103-15 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url
- https://support.industry.siemens.com/cs/ww/en/view/109791980/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109781128/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109779088/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109773456/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109769052/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109766085/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109762643/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109762751/ fix