CVE-2023-30898

Published: May 9, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions < V21.1 HotfixRev12), Siveillance Video 2021 R2 (All versions < V21.2 HotfixRev8), Siveillance Video 2022 R1 (All versions < V22.1 HotfixRev7), Siveillance Video 2022 R2 (All versions < V22.2 HotfixRev5), Siveillance Video 2022 R3 (All versions < V22.3 HotfixRev2), Siveillance Video 2023 R1 (All versions < V23.1 HotfixRev1). The Event Server component of affected applications deserializes data without sufficient validations. This could allow an authenticated remote attacker to execute code on the affected system.

Affected (8)

Products: Siemens: Siveillance Video

Siemens

1 product

Siveillance Video

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Siemens Siveillance Video	Version 2020 r2
Siemens Siveillance Video	Version 2020 r3
Siemens Siveillance Video	Version 2021 r1
Siemens Siveillance Video	Version 2021 r2
Siemens Siveillance Video	Version 2022 r1
Siemens Siveillance Video	Version 2022 r2
Siemens Siveillance Video	Version 2022 r3
Siemens Siveillance Video	Version 2023 r1

Related CWEs

CWE-502

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-789345.pdf

Source: productcert@siemens.com

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-789345.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.