ICSA-19-344-02  ·  Published 2021-04-13

Siemens and PKE SiNVR, SiVMS Video Server (Update A)

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to read the SiVMS/SiNVR users database, including the passwords of all users in obfuscated cleartext and configuration files.

Remediations

  • Siemens recommends that users update to v5.0.0 or later.
  • Siemens has identified the following specific workarounds and mitigations that users can apply to reduce the risk:
  • As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following the recommendations in the product manuals.
  • Additional information on industrial security by Siemens can be found at: https://www.siemens.com/industrialsecurity
  • For more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens security advisory SSA-761617 and the PKE security advisory.

Affected Vendors

Siemens

Affected Products (3)

Siemens · SiNVR/SiVMS Video Server >= 5.0.0 | CVE-2019-18340
Siemens · SiNVR 3 Central Control Server (CCS) - SSA-761844 and ICSA-21-103-10
Siemens · SiNVR/SiVMS Video Server < 5.0.0

Affected Sectors

Commercial Facilities
