Siemens Siveillance VMS (ICSA-19-162-01)

The NCCIC has published an advisory on improper authorization, incorrect user management, and missing authorization vulnerabilities in Siemens Siveillance VMS. Multiple products and versions of the products are affected. Successful exploitation of these vulnerabilities could allow an attacker with network access to Port 80/TCP to change device properties, user roles, and user-defined event properties. Siemens has released updates to address the vulnerabilities. The NCCIC also advised on a series of mitigating measures for the vulnerabilities. Read the advisory at NCCIC/ICS-CERT.