Siemens Siveillance Video Management Servers Vulnerability Advisory
The Webhooks implementation of Siveillance Video Management Servers contains a missing-authorization vulnerability that could allow an authenticated remote attacker with only read-only privileges to gain full read/write access to the Webhooks API. Siemens has released fixed versions of the affected products and strongly recommends updating to them.
Vulnerability Details
The vulnerability is tracked as CVE-2025-0836, a Missing Authorization weakness (CWE-862) in Milestone Systems XProtect VMS, the platform on which Siveillance Video is based. It allows users who have only read-only access to the Management Server to obtain full read/write access to the MIP Webhooks API, and therefore to the Webhooks configuration. CISA lists Critical Manufacturing as the affected critical infrastructure sector, with the products deployed worldwide.
Affected Versions
The following versions of Siemens Siveillance Video Management Servers are affected:
- Siveillance Video V2023 R1: All versions < V23.1 HotfixRev18
- Siveillance Video V2023 R2: All versions < V23.2 HotfixRev18
- Siveillance Video V2023 R3: All versions < V23.3 HotfixRev23
- Siveillance Video V2024 R1: All versions < V24.1 HotfixRev14
- Siveillance Video V2025: All versions < V25.1 HotfixRev8
Milestone PSIRT reported the vulnerability to Siemens, and Siemens ProductCERT in turn reported it to CISA. The advisory was initially released on 2026-02-10.
Recommendations
Siemens recommends that users update to the latest versions:
- Update Siveillance Video V2023 R1 to V23.1 HotfixRev18 or later.
- Update Siveillance Video V2023 R2 to V23.2 HotfixRev18 or later.
- Update Siveillance Video V2023 R3 to V23.3 HotfixRev23 or later.
- Update Siveillance Video V2024 R1 to V24.1 HotfixRev14 or later.
- Update Siveillance Video V2025 to V25.1 HotfixRev8 or later.
If the latest hotfix cannot be installed, Siemens recommends auditing the role security settings and, until the hotfix is applied, treating everyone with read-only access to the Management Server as having full access to the Webhooks configuration. As a general security measure, Siemens strongly advises protecting network access to the affected products with appropriate mechanisms.
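As an added illustration (not code from Milestone, Siemens or this advisory), the following Python models the defect class described under Vulnerability Details and the interim role audit recommended above: an API handler that only verifies that the caller is authenticated, the same handler with a per-operation permission check, and a function that lists who effectively holds webhook write access on an unpatched server. The role names, permission strings and the `WebhookApi` class are assumptions made for illustration; the real MIP Webhooks API is not modelled.

```python
"""Added example (not Milestone or Siemens code): a minimal model of the
CWE-862 defect in a webhook-configuration API and of the interim role audit
the advisory recommends. Role names, permission strings and WebhookApi are
assumptions made for illustration."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed role model: role name -> granted permissions.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "Administrators": {"management.read", "management.write",
                       "webhooks.read", "webhooks.write"},
    "Operators": {"management.read", "webhooks.read"},  # read-only role
    "Auditors": {"management.read"},                    # read-only, no webhook rights
}

# Permission each webhook operation should require.
REQUIRED: Dict[str, str] = {
    "list": "webhooks.read", "get": "webhooks.read",
    "create": "webhooks.write", "update": "webhooks.write", "delete": "webhooks.write",
}


class Forbidden(Exception):
    """Raised when the caller may not perform the requested operation."""


@dataclass
class Principal:
    name: str
    roles: Set[str]

    def permissions(self) -> Set[str]:
        perms: Set[str] = set()
        for role in self.roles:
            perms |= ROLE_PERMISSIONS.get(role, set())
        return perms


@dataclass
class WebhookApi:
    # False models the unpatched behaviour: authentication is verified, but the
    # permission the operation needs is never checked (missing authorization).
    enforce_operation_permissions: bool
    webhooks: Dict[str, str] = field(default_factory=dict)  # webhook id -> target URL

    def _authorize(self, caller: Optional[Principal], op: str) -> None:
        if caller is None:
            raise Forbidden("not authenticated")
        if not self.enforce_operation_permissions:
            return  # vulnerable path: any authenticated user may continue
        if REQUIRED[op] not in caller.permissions():
            raise Forbidden(f"{caller.name} lacks {REQUIRED[op]}")

    def handle(self, caller: Optional[Principal], op: str,
               hook_id: Optional[str] = None, url: Optional[str] = None):
        self._authorize(caller, op)
        if op == "list":
            return sorted(self.webhooks)
        if op == "get":
            return self.webhooks[hook_id]
        if op in ("create", "update"):
            self.webhooks[hook_id] = url
            return hook_id
        if op == "delete":
            return self.webhooks.pop(hook_id)
        raise ValueError(f"unknown operation {op!r}")


def can_change_webhooks(api: WebhookApi, caller: Principal) -> bool:
    """Probe whether `caller` can create and remove a webhook on `api`."""
    try:
        api.handle(caller, "create", hook_id="probe", url="http://127.0.0.1/probe")
        api.handle(caller, "delete", hook_id="probe")
        return True
    except Forbidden:
        return False


def effective_webhook_writers(users: List[Principal], patched: bool) -> List[str]:
    """Interim audit: who can really change webhook configuration?

    On an unpatched server the advisory says to treat every account with
    read-only Management Server access as a webhook writer, so any principal
    holding management.read is counted until the hotfix is installed."""
    writers = []
    for user in users:
        perms = user.permissions()
        if "webhooks.write" in perms or (not patched and "management.read" in perms):
            writers.append(user.name)
    return sorted(writers)


if __name__ == "__main__":
    admin = Principal("admin1", {"Administrators"})
    operator = Principal("operator1", {"Operators"})
    auditor = Principal("auditor1", {"Auditors"})
    print("unpatched, operator can change webhooks:",
          can_change_webhooks(WebhookApi(enforce_operation_permissions=False), operator))
    print("patched, operator can change webhooks:",
          can_change_webhooks(WebhookApi(enforce_operation_permissions=True), operator))
    print("effective writers before hotfix:",
          effective_webhook_writers([admin, operator, auditor], patched=False))
    print("effective writers after hotfix:",
          effective_webhook_writers([admin, operator, auditor], patched=True))
```

The point of the audit function is that, on an unpatched server, the role that grants management.read is the one to review: every member of it should be treated as if they could create, modify or delete webhooks, regardless of what the role's Webhooks settings say.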
CISA Recommendations
CISA additionally recommends defensive measures to minimize the risk of exploitation of this vulnerability: minimize network exposure for all control system devices and ensure they are not accessible from the internet; place control system networks and remote devices behind firewalls and isolate them from business networks; and, when remote access is required, use more secure methods such as Virtual Private Networks (VPNs), recognizing that VPNs may themselves have vulnerabilities and should be kept updated to the most recent version available. CISA reminds organizations to perform proper impact analysis and risk assessment before deploying defensive measures, and encourages them to implement recommended cybersecurity strategies for proactive defense of ICS assets.