SSA-789345 V1.0: Code Execution Vulnerabilities in Siveillance Video Event and Management Servers

Risk Summary

<p>Both the Event Server and the Management Server components of Siveillance Video deserialize data without sufficient validations. This could allow an authenticated remote attacker to execute code on the affected system.</p> <p>Siemens has released updates for the affected products and recommends to update to the latest versions. The provided cumulative hotfix releases include the fixes for both Event Server (ES) and Management Server (MS). Ensure to apply the fixes on all relevant servers in your deployment.</p>

Remediations

• Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Affected Products (1)