CVE-2023-30898

A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions < V21.1 HotfixRev12), Siveillance Video 2021 R2 (All versions < V21.2 HotfixRev8), Siveillance Video 2022 R1 (All versions < V22.1 HotfixRev7), Siveillance Video 2022 R2 (All versions < V22.2 HotfixRev5), Siveillance Video 2022 R3 (All versions < V22.3 HotfixRev2), Siveillance Video 2023 R1 (All versions < V23.1 HotfixRev1). The Event Server component of affected applications deserializes data without sufficient validations. This could allow an authenticated remote attacker to execute code on the affected system.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:siemens:siveillance_video:2020:r2:*:*:*:*:*:*
cpe:2.3:a:siemens:siveillance_video:2020:r3:*:*:*:*:*:*
cpe:2.3:a:siemens:siveillance_video:2021:r1:*:*:*:*:*:*
cpe:2.3:a:siemens:siveillance_video:2021:r2:*:*:*:*:*:*
cpe:2.3:a:siemens:siveillance_video:2022:r1:*:*:*:*:*:*
cpe:2.3:a:siemens:siveillance_video:2022:r2:*:*:*:*:*:*
cpe:2.3:a:siemens:siveillance_video:2022:r3:*:*:*:*:*:*
cpe:2.3:a:siemens:siveillance_video:2023:r1:*:*:*:*:*:*

History

21 Nov 2024, 08:01

Type Values Removed Values Added
References () https://cert-portal.siemens.com/productcert/pdf/ssa-789345.pdf - Vendor Advisory () https://cert-portal.siemens.com/productcert/pdf/ssa-789345.pdf - Vendor Advisory
CVSS v2 : unknown
v3 : 8.8
v2 : unknown
v3 : 9.9

Information

Published : 2023-05-09 13:15

Updated : 2024-11-21 08:01


NVD link : CVE-2023-30898

Mitre link : CVE-2023-30898

CVE.ORG link : CVE-2023-30898


JSON object : View

Products Affected

siemens

  • siveillance_video
CWE
CWE-502

Deserialization of Untrusted Data