CVE-2016-9155
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR, CFMW3025 prior to version 1.41_SP18_S1; CCPW3025, CCPW5025 prior to version 0.1.73_S1; CCMD3025-DN18 prior to version v1.394_S1; CCID1445-DN18, CCID1445-DN28, CCID1145-DN36, CFIS1425, CCIS1425, CFMS2025, CCMS2025, CVMS2025-IR, CFMW1025, CCMW1025 prior to version v2635_SP1 could allow an attacker with network access to the web server to obtain administrative credentials under certain circumstances.
Affected (15)
Products: Siemens: Ccid1445 Dn18 Firmware, Ccid1445 Dn28 Firmware, Ccid1445 Dn36 Firmware, Ccis1425 Firmware, Ccmd3025 Dn18 Firmware, Ccms2025 Firmware, Ccmw1025 Firmware, Ccmw3025 Firmware, Ccpw3025 Firmware, Cfis1425 Firmware, Cfms2025 Firmware, Cfmw1025 Firmware, Cfmw3025 Firmware, Cvms2025 Ir Firmware, Cvmw3025 Ir Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Ccid1445 Dn18 | All versions |
Siemens Ccid1445 Dn28 | All versions |
Siemens Ccid1445 Dn36 | All versions |
Siemens Ccis1425 | All versions |
Siemens Ccmd3025 Dn18 | All versions |
Siemens Ccms2025 | All versions |
Siemens Ccmw1025 | All versions |
Siemens Ccmw3025 | All versions |
Siemens Ccpw3025 | All versions |
Siemens Cfis1425 | All versions |
Siemens Cfms2025 | All versions |
Siemens Cfmw1025 | All versions |
Siemens Cfmw3025 | All versions |
Siemens Cvms2025 Ir | All versions |
Siemens Cvmw3025 Ir | All versions |
References (6)
Source: productcert@siemens.com
MitigationThird Party AdvisoryUS Government ResourceVDB Entry
Source: productcert@siemens.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationThird Party AdvisoryUS Government ResourceVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Timeline
No history available yet.