Improper Authorization in Siemens products - CVE-2019-6582
Published: June 17, 2019 / Updated: July 1, 2019
Vulnerability identifier: #VU18812
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2019-6582
CWE-ID: CWE-285
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Siemens
Affected software:
Siveillance VMS 2019 R1
Siveillance VMS 2018 R3
Siveillance VMS 2018 R2
Siveillance VMS 2018 R1
Siveillance VMS 2017 R2
Siveillance VMS 2019 R1
Siveillance VMS 2018 R3
Siveillance VMS 2018 R2
Siveillance VMS 2018 R1
Siveillance VMS 2017 R2
Detailed vulnerability description
The vulnerability allows a remote attacker to change user-defined event properties.
The vulnerability exist due to missing authorization on a Port 80/TCP. An authenticated attacker with network access to Port 80/TCP can change user-defined event properties without proper authorization.
The vulnerability exist due to missing authorization on a Port 80/TCP. An authenticated attacker with network access to Port 80/TCP can change user-defined event properties without proper authorization.
How to mitigate CVE-2019-6582
Install updates from vendor's website.