← Back

CVE-2018-7891

nvd nist
Published: Apr 30, 2018Modified: Jun 17, 2026

JSON object

Loading...
8.1
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 / Impact: 5.9
Source: NVD

Description

The Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+, Essential+) 2016 R1 (10.0.a) to 2018 R1 (12.1a) contains .NET Remoting endpoints that are vulnerable to deserialization attacks resulting in remote code execution.

Affected (11)

Milestonesys
1 product
Xprotect
Siemens
1 product
Siveillance Vms
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Milestonesys
Xprotect
From 10.0.a to 12.1a
Xprotect
From 10.0.a to 12.1a
Xprotect
From 10.0.a to 12.1a
Xprotect
From 10.0.a to 12.1a
Xprotect
From 10.0.a to 12.1a
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Siveillance Vms
Before 10.0a
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Siveillance Vms
Before 10.1a
Configuration D
1 vulnerable
Vulnerable SoftwareAffected Versions
Siveillance Vms
Before 10.2b
Configuration E
1 vulnerable
Vulnerable SoftwareAffected Versions
Siveillance Vms
Before 11.1a
Configuration F
1 vulnerable
Vulnerable SoftwareAffected Versions
Siveillance Vms
Before 11.2a
Configuration G
1 vulnerable
Vulnerable SoftwareAffected Versions
Siveillance Vms
Before 12.1a

Related CWEs

CWE-502
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (6)

Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
MitigationThird Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.