ICSA-26-043-07 — Vulnetix

ICSA-26-043-07 PUBLISHED CVSS 6.300000190734863 MEDIUM

The Webhooks implementation of Siveillance Video Management Servers contains a vulnerability that could allow an authenticated remote attacker with read-only privileges to achieve full access to Webhooks API. Siemens has released new versions for the affected products and recommends to update to the latest versions.

Risk Scores

CVSS v3.1

6.300000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Affected Products

Vendor	Product	Versions
	Siveillance Video V2023 R3
	Siveillance Video V2023 R2
	Siveillance Video V2023 R1
	Siveillance Video V2024 R1
	Siveillance Video V2022 R3
	Siveillance Video V2025

Timeline

Feb 10, 2026 CVE Published
Feb 12, 2026 CVE Updated

References

https://cert-portal.siemens.com/productcert/csaf/ssa-625934.json advisory
https://cert-portal.siemens.com/productcert/html/ssa-625934.html advisory
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2026/icsa-26-043-07.json advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-26-043-07 advisory
https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01 url
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
https://www.cisa.gov/topics/industrial-control-systems url
https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b url
https://support.industry.siemens.com/cs/ww/en/view/109820659/ fix
https://support.industry.siemens.com/cs/ww/en/view/109823922/ fix
https://support.industry.siemens.com/cs/ww/en/view/109827783/ fix
https://support.industry.siemens.com/cs/ww/en/view/109976123/ fix
https://support.industry.siemens.com/cs/ww/en/view/109988670/ fix

Open in Interactive Console →