CVE-2023-30899

Summary

A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions < V21.1 HotfixRev12), Siveillance Video 2021 R2 (All versions < V21.2 HotfixRev8), Siveillance Video 2022 R1 (All versions < V22.1 HotfixRev7), Siveillance Video 2022 R2 (All versions < V22.2 HotfixRev5), Siveillance Video 2022 R3 (All versions < V22.3 HotfixRev2), Siveillance Video 2023 R1 (All versions < V23.1 HotfixRev1). The Management Server component of affected applications deserializes data without sufficient validations. This could allow an authenticated remote attacker to execute code on the affected system.

Affected Software

VendorProductVersion RangeStatus
SiemensSiveillance Video 2020 R2All versions < V20.2 HotfixRev14affected
SiemensSiveillance Video 2020 R3All versions < V20.3 HotfixRev12affected
SiemensSiveillance Video 2021 R1All versions < V21.1 HotfixRev12affected
SiemensSiveillance Video 2021 R2All versions < V21.2 HotfixRev8affected
SiemensSiveillance Video 2022 R1All versions < V22.1 HotfixRev7affected
SiemensSiveillance Video 2022 R2All versions < V22.2 HotfixRev5affected
SiemensSiveillance Video 2022 R3All versions < V22.3 HotfixRev2affected
SiemensSiveillance Video 2023 R1All versions < V23.1 HotfixRev1affected

Weaknesses

  • CWE-502: CWE-502: Deserialization of Untrusted Data

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References