SSA-404759 — Vulnetix

SSA-404759 PUBLISHED CVSS 7.800000190734863 HIGH

Several camera device drivers in the Siveillance Video Device Pack store camera credentials in their log file when authentication fails. This could allow a local attacker to read camera credentials stored in the Recording Server under specific conditions. Siemens has released an update of the Device Pack and recommends to apply this update to all deployments of Siveillance Video. In general, Siemens recommends installing the latest Device Pack which contains the most up-to-date device drivers.

Risk Scores

CVSS 3.1

7.800000190734863

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
	Siveillance Video Device Pack

Exploit Intelligence

https://cert-portal.siemens.com/productcert/html/ssa-404759.html (circl)
https://cert-portal.siemens.com/productcert/csaf/ssa-404759.json (circl)

Timeline

Jan 14, 2025 CVE Published
Jan 15, 2025 CVE Updated

References

https://cert-portal.siemens.com/productcert/html/ssa-404759.html advisory
https://cert-portal.siemens.com/productcert/csaf/ssa-404759.json advisory

Open in Interactive Console →