Main Vulnerability Database SB2021041415

SB2021041415 - Use of Hard-coded Cryptographic Key in Siemens and Milestone Siveillance Video Open Network Bridge

Published: April 14, 2021

Security Bulletin ID SB2021041415

Severity

Medium

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Use of Hard-coded Cryptographic Key (CVE-ID: CVE-2021-27392)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the affected Open Network Bridges store user credentials for the authentication between ONVIF clients and the ONVIF server using a hard-coded key. A remote authenticated attacker can retrieve and decrypt all credentials stored on the ONVIF server.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://ics-cert.us-cert.gov/advisories/icsa-21-103-15
https://cert-portal.siemens.com/productcert/pdf/ssa-853866.pdf