Deserialization of untrusted data in Siemens products - CVE-2018-7891
Published: May 8, 2018 / Updated: May 10, 2018
Vulnerability identifier: #VU12519
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2018-7891
CWE-ID: CWE-502
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Siemens
Affected software:
Siveillance VMS 2018 R1
Siveillance VMS 2017 R2
Siveillance VMS 2017 R1
Siveillance VMS 2016 R3
Siveillance VMS 2016 R2
Siveillance VMS 2016 R1
Siveillance VMS 2018 R1
Siveillance VMS 2017 R2
Siveillance VMS 2017 R1
Siveillance VMS 2016 R3
Siveillance VMS 2016 R2
Siveillance VMS 2016 R1
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to the Recording Server, Management Server, and Management Client on Ports 6473/TCP local connection only, 7474/TCP, 8966/TCP local connection only, and Port 9993/TCP use an exploitable .NET Framework Remoting deserialization level. A remote unauthenticated attacker can access the vulnerable ports, gain elevated privileges and execute arbitrary code.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
How to mitigate CVE-2018-7891
Install update from vendor's website.