Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-12569 (GCVE-0-2024-12569)
Vulnerability from cvelistv5 – Published: 2024-12-19 08:41 – Updated: 2025-08-28 14:41
VLAI
EPSS
Title
Sensitive Information in Driver’s Log File
Summary
Disclosure
of sensitive information in a Milestone XProtect Device Pack driver’s log file for third-party cameras, allows an attacker to read camera
credentials stored in the Recording Server under specific conditions.
Severity
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Milestone Systems | XProtect VMS |
Affected:
0 , < 13.5a
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12569",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-20T17:58:06.597166Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:41:37.061Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Device Pack",
"platforms": [
"Windows"
],
"product": "XProtect VMS",
"vendor": "Milestone Systems",
"versions": [
{
"lessThan": "13.5a",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cp\u003eDisclosure\nof sensitive information in a Milestone XProtect Device Pack driver\u2019s log file for third-party cameras, allows an attacker to read camera\ncredentials stored in the Recording Server under specific conditions. \u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Disclosure\nof sensitive information in a Milestone XProtect Device Pack driver\u2019s log file for third-party cameras, allows an attacker to read camera\ncredentials stored in the Recording Server under specific conditions."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-20T09:00:45.727Z",
"orgId": "cf45122d-9d50-442a-9b23-e05cde9943d8",
"shortName": "Milestone"
},
"references": [
{
"url": "https://supportcommunity.milestonesys.com/KBRedir?art=000067740\u0026lang=en_US"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eTo mitigate the issue, we highly recommend installing the latest XProtect Device Pack which contains the most up to date device drivers. \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "To mitigate the issue, we highly recommend installing the latest XProtect Device Pack which contains the most up to date device drivers."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Sensitive Information in Driver\u2019s Log File",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eIf, for any reason, update is not possible, we recommend monitoring of the log files under \u2018%PROGRAMDATA%\\XProtect Recording Server\\Logs\\Drivers\u2019 for exposed credentials. \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "If, for any reason, update is not possible, we recommend monitoring of the log files under \u2018%PROGRAMDATA%\\XProtect Recording Server\\Logs\\Drivers\u2019 for exposed credentials."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cf45122d-9d50-442a-9b23-e05cde9943d8",
"assignerShortName": "Milestone",
"cveId": "CVE-2024-12569",
"datePublished": "2024-12-19T08:41:33.342Z",
"dateReserved": "2024-12-12T10:59:50.462Z",
"dateUpdated": "2025-08-28T14:41:37.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-12569",
"date": "2026-05-27",
"epss": "0.00135",
"percentile": "0.32917"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"Disclosure\\nof sensitive information in a Milestone XProtect Device Pack driver\\u2019s log file for third-party cameras, allows an attacker to read camera\\ncredentials stored in the Recording Server under specific conditions.\"}, {\"lang\": \"es\", \"value\": \"La divulgaci\\u00f3n de informaci\\u00f3n sensible en un archivo de registro del controlador Milestone XProtect Device Pack para c\\u00e1maras de terceros, permite a un atacante leer las credenciales de la c\\u00e1mara almacenadas en el servidor de grabaci\\u00f3n bajo condiciones espec\\u00edficas.\"}]",
"id": "CVE-2024-12569",
"lastModified": "2025-01-07T10:15:06.757",
"metrics": "{\"cvssMetricV40\": [{\"source\": \"cf45122d-9d50-442a-9b23-e05cde9943d8\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 5.2, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"vulnerableSystemConfidentiality\": \"NONE\", \"vulnerableSystemIntegrity\": \"NONE\", \"vulnerableSystemAvailability\": \"NONE\", \"subsequentSystemConfidentiality\": \"HIGH\", \"subsequentSystemIntegrity\": \"HIGH\", \"subsequentSystemAvailability\": \"HIGH\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}], \"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2024-12-19T09:16:13.830",
"references": "[{\"url\": \"https://supportcommunity.milestonesys.com/KBRedir?art=000067740\u0026lang=en_US\", \"source\": \"cf45122d-9d50-442a-9b23-e05cde9943d8\"}]",
"sourceIdentifier": "cf45122d-9d50-442a-9b23-e05cde9943d8",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"cf45122d-9d50-442a-9b23-e05cde9943d8\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-532\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-12569\",\"sourceIdentifier\":\"cf45122d-9d50-442a-9b23-e05cde9943d8\",\"published\":\"2024-12-19T09:16:13.830\",\"lastModified\":\"2025-08-26T21:15:31.950\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Disclosure\\nof sensitive information in a Milestone XProtect Device Pack driver\u2019s log file for third-party cameras, allows an attacker to read camera\\ncredentials stored in the Recording Server under specific conditions.\"},{\"lang\":\"es\",\"value\":\"La divulgaci\u00f3n de informaci\u00f3n sensible en un archivo de registro del controlador Milestone XProtect Device Pack para c\u00e1maras de terceros, permite a un atacante leer las credenciales de la c\u00e1mara almacenadas en el servidor de grabaci\u00f3n bajo condiciones espec\u00edficas.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cf45122d-9d50-442a-9b23-e05cde9943d8\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cf45122d-9d50-442a-9b23-e05cde9943d8\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.1,\"impactScore\":6.0},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.1,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"cf45122d-9d50-442a-9b23-e05cde9943d8\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]}],\"references\":[{\"url\":\"https://supportcommunity.milestonesys.com/KBRedir?art=000067740\u0026lang=en_US\",\"source\":\"cf45122d-9d50-442a-9b23-e05cde9943d8\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-12569\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-20T17:58:06.597166Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-20T17:58:44.513Z\"}}], \"cna\": {\"title\": \"Sensitive Information in Driver\\u2019s Log File\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 5.2, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Milestone Systems\", \"product\": \"XProtect VMS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"13.5a\", \"versionType\": \"custom\"}], \"platforms\": [\"Windows\"], \"packageName\": \"Device Pack\", \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"To mitigate the issue, we highly recommend installing the latest XProtect Device Pack which contains the most up to date device drivers.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eTo mitigate the issue, we highly recommend installing the latest XProtect Device Pack which contains the most up to date device drivers. \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://supportcommunity.milestonesys.com/KBRedir?art=000067740\u0026lang=en_US\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"If, for any reason, update is not possible, we recommend monitoring of the log files under \\u2018%PROGRAMDATA%\\\\XProtect Recording Server\\\\Logs\\\\Drivers\\u2019 for exposed credentials.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eIf, for any reason, update is not possible, we recommend monitoring of the log files under \\u2018%PROGRAMDATA%\\\\XProtect Recording Server\\\\Logs\\\\Drivers\\u2019 for exposed credentials. \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Disclosure\\nof sensitive information in a Milestone XProtect Device Pack driver\\u2019s log file for third-party cameras, allows an attacker to read camera\\ncredentials stored in the Recording Server under specific conditions.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cdiv\u003e\u003cp\u003eDisclosure\\nof sensitive information in a Milestone XProtect Device Pack driver\\u2019s log file for third-party cameras, allows an attacker to read camera\\ncredentials stored in the Recording Server under specific conditions. \u003c/p\u003e\\n\\n\\n\\n\\n\\n\u003cbr\u003e\u003c/div\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-532\", \"description\": \"CWE-532: Insertion of Sensitive Information into Log File\"}]}], \"providerMetadata\": {\"orgId\": \"cf45122d-9d50-442a-9b23-e05cde9943d8\", \"shortName\": \"Milestone\", \"dateUpdated\": \"2025-01-20T09:00:45.727Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-12569\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-28T14:41:37.061Z\", \"dateReserved\": \"2024-12-12T10:59:50.462Z\", \"assignerOrgId\": \"cf45122d-9d50-442a-9b23-e05cde9943d8\", \"datePublished\": \"2024-12-19T08:41:33.342Z\", \"assignerShortName\": \"Milestone\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CNVD-2025-01695
Vulnerability from cnvd - Published: 2025-01-17
VLAI
Title
Siemens Siveillance Video摄像机驱动程序信息泄露漏洞
Description
Siveillance Video(以前称为Siveillance VMS)是一款功能强大的IP视频管理软件,专为从小型简单到大规模和高安全性的部署而设计。Siveillance Video系列产品组合包括四个版本:Siveillance Video Core、Core Plus、Advanced和Pro,可满足从中小型解决方案到大型复杂部署的特定需求。
Siemens Siveillance Video摄像机驱动程序存在信息泄露漏洞,本地攻击者可利用漏洞在特定条件下读取存储在Recording Server中的摄像机凭据。
Severity
中
Patch Name
Siemens Siveillance Video摄像机驱动程序信息泄露漏洞的补丁
Patch Description
Siveillance Video(以前称为Siveillance VMS)是一款功能强大的IP视频管理软件,专为从小型简单到大规模和高安全性的部署而设计。Siveillance Video系列产品组合包括四个版本:Siveillance Video Core、Core Plus、Advanced和Pro,可满足从中小型解决方案到大型复杂部署的特定需求。
Siemens Siveillance Video摄像机驱动程序存在信息泄露漏洞,本地攻击者可利用漏洞在特定条件下读取存储在Recording Server中的摄像机凭据。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布升级版本修复漏洞,请广大用户及时下载更新至V13.5及以上版本: https://support.industry.siemens.com/cs/ww/en/view/109761843/
Reference
https://cert-portal.siemens.com/productcert/html/ssa-404759.html
Impacted products
| Name | Siemens Siveillance Video Device Pack <V13.5 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2024-12569"
}
},
"description": "Siveillance Video\uff08\u4ee5\u524d\u79f0\u4e3aSiveillance VMS\uff09\u662f\u4e00\u6b3e\u529f\u80fd\u5f3a\u5927\u7684IP\u89c6\u9891\u7ba1\u7406\u8f6f\u4ef6\uff0c\u4e13\u4e3a\u4ece\u5c0f\u578b\u7b80\u5355\u5230\u5927\u89c4\u6a21\u548c\u9ad8\u5b89\u5168\u6027\u7684\u90e8\u7f72\u800c\u8bbe\u8ba1\u3002Siveillance Video\u7cfb\u5217\u4ea7\u54c1\u7ec4\u5408\u5305\u62ec\u56db\u4e2a\u7248\u672c\uff1aSiveillance Video Core\u3001Core Plus\u3001Advanced\u548cPro\uff0c\u53ef\u6ee1\u8db3\u4ece\u4e2d\u5c0f\u578b\u89e3\u51b3\u65b9\u6848\u5230\u5927\u578b\u590d\u6742\u90e8\u7f72\u7684\u7279\u5b9a\u9700\u6c42\u3002\n\nSiemens Siveillance Video\u6444\u50cf\u673a\u9a71\u52a8\u7a0b\u5e8f\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5728\u7279\u5b9a\u6761\u4ef6\u4e0b\u8bfb\u53d6\u5b58\u50a8\u5728Recording Server\u4e2d\u7684\u6444\u50cf\u673a\u51ed\u636e\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u7248\u672c\u4fee\u590d\u6f0f\u6d1e\uff0c\u8bf7\u5e7f\u5927\u7528\u6237\u53ca\u65f6\u4e0b\u8f7d\u66f4\u65b0\u81f3V13.5\u53ca\u4ee5\u4e0a\u7248\u672c\uff1a\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109761843/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2025-01695",
"openTime": "2025-01-17",
"patchDescription": "Siveillance Video\uff08\u4ee5\u524d\u79f0\u4e3aSiveillance VMS\uff09\u662f\u4e00\u6b3e\u529f\u80fd\u5f3a\u5927\u7684IP\u89c6\u9891\u7ba1\u7406\u8f6f\u4ef6\uff0c\u4e13\u4e3a\u4ece\u5c0f\u578b\u7b80\u5355\u5230\u5927\u89c4\u6a21\u548c\u9ad8\u5b89\u5168\u6027\u7684\u90e8\u7f72\u800c\u8bbe\u8ba1\u3002Siveillance Video\u7cfb\u5217\u4ea7\u54c1\u7ec4\u5408\u5305\u62ec\u56db\u4e2a\u7248\u672c\uff1aSiveillance Video Core\u3001Core Plus\u3001Advanced\u548cPro\uff0c\u53ef\u6ee1\u8db3\u4ece\u4e2d\u5c0f\u578b\u89e3\u51b3\u65b9\u6848\u5230\u5927\u578b\u590d\u6742\u90e8\u7f72\u7684\u7279\u5b9a\u9700\u6c42\u3002\r\n\r\nSiemens Siveillance Video\u6444\u50cf\u673a\u9a71\u52a8\u7a0b\u5e8f\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5728\u7279\u5b9a\u6761\u4ef6\u4e0b\u8bfb\u53d6\u5b58\u50a8\u5728Recording Server\u4e2d\u7684\u6444\u50cf\u673a\u51ed\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Siemens Siveillance Video\u6444\u50cf\u673a\u9a71\u52a8\u7a0b\u5e8f\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Siemens Siveillance Video Device Pack \u003cV13.5"
},
"referenceLink": "https://cert-portal.siemens.com/productcert/html/ssa-404759.html",
"serverity": "\u4e2d",
"submitTime": "2025-01-14",
"title": "Siemens Siveillance Video\u6444\u50cf\u673a\u9a71\u52a8\u7a0b\u5e8f\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}
FKIE_CVE-2024-12569
Vulnerability from fkie_nvd - Published: 2024-12-19 09:16 - Updated: 2026-04-15 00:35
Severity
Summary
Disclosure
of sensitive information in a Milestone XProtect Device Pack driver’s log file for third-party cameras, allows an attacker to read camera
credentials stored in the Recording Server under specific conditions.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Disclosure\nof sensitive information in a Milestone XProtect Device Pack driver\u2019s log file for third-party cameras, allows an attacker to read camera\ncredentials stored in the Recording Server under specific conditions."
},
{
"lang": "es",
"value": "La divulgaci\u00f3n de informaci\u00f3n sensible en un archivo de registro del controlador Milestone XProtect Device Pack para c\u00e1maras de terceros, permite a un atacante leer las credenciales de la c\u00e1mara almacenadas en el servidor de grabaci\u00f3n bajo condiciones espec\u00edficas."
}
],
"id": "CVE-2024-12569",
"lastModified": "2026-04-15T00:35:42.020",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.1,
"impactScore": 6.0,
"source": "cf45122d-9d50-442a-9b23-e05cde9943d8",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cf45122d-9d50-442a-9b23-e05cde9943d8",
"type": "Secondary"
}
]
},
"published": "2024-12-19T09:16:13.830",
"references": [
{
"source": "cf45122d-9d50-442a-9b23-e05cde9943d8",
"url": "https://supportcommunity.milestonesys.com/KBRedir?art=000067740\u0026lang=en_US"
}
],
"sourceIdentifier": "cf45122d-9d50-442a-9b23-e05cde9943d8",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "cf45122d-9d50-442a-9b23-e05cde9943d8",
"type": "Secondary"
}
]
}
GHSA-85G9-M9J2-HCX2
Vulnerability from github – Published: 2024-12-19 09:30 – Updated: 2024-12-20 18:31
VLAI
Details
Disclosure of sensitive information in HikVision camera driver's log file in XProtect Device Pack allows an attacker to read camera credentials stored in the Recording Server under specific conditions.
Severity
{
"affected": [],
"aliases": [
"CVE-2024-12569"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-19T09:16:13Z",
"severity": "MODERATE"
},
"details": "Disclosure of sensitive information in HikVision camera driver\u0027s log file in XProtect Device Pack allows an attacker to read camera credentials stored in the Recording Server under specific conditions.",
"id": "GHSA-85g9-m9j2-hcx2",
"modified": "2024-12-20T18:31:31Z",
"published": "2024-12-19T09:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12569"
},
{
"type": "WEB",
"url": "https://supportcommunity.milestonesys.com/KBRedir?art=000067740\u0026lang=en_US"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
ICSA-25-016-03
Vulnerability from csaf_cisa - Published: 2025-01-14 00:00 - Updated: 2025-05-06 06:00Summary
Siemens Siveillance Video Camera
Notes
Summary: Several camera device drivers in the Siveillance Video Device Pack store camera credentials in their log file when authentication fails. This could allow a local attacker to read camera credentials stored in the Recording Server under specific conditions.
Siemens has released an update of the Device Pack and recommends to apply this update to all deployments of Siveillance Video. In general, Siemens recommends installing the latest Device Pack which contains the most up-to-date device drivers.
General Recommendations: As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer: This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors: Commercial Facilities, Critical Manufacturing
Countries/areas deployed: Worldwide
Company headquarters location: Germany
Recommended Practices: CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.
Recommended Practices: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
7.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Siveillance Video Device Pack
Siemens / Siveillance Video Device Pack
|
<V13.5 |
Mitigation
Vendor Fix
|
References
10 references
Acknowledgments
Milestone PSIRT
{
"document": {
"acknowledgments": [
{
"organization": "Milestone PSIRT",
"summary": "reporting this vulnerability to Siemens."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Several camera device drivers in the Siveillance Video Device Pack store camera credentials in their log file when authentication fails. This could allow a local attacker to read camera credentials stored in the Recording Server under specific conditions.\n\nSiemens has released an update of the Device Pack and recommends to apply this update to all deployments of Siveillance Video. In general, Siemens recommends installing the latest Device Pack which contains the most up-to-date device drivers.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Commercial Facilities, Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-404759: Information Disclosure Vulnerability in Siveillance Video Camera Drivers - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-404759.json"
},
{
"category": "self",
"summary": "SSA-404759: Information Disclosure Vulnerability in Siveillance Video Camera Drivers - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-404759.html"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-25-016-03 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-016-03.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-25-016-03 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-016-03"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens Siveillance Video Camera",
"tracking": {
"current_release_date": "2025-05-06T06:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-25-016-03",
"initial_release_date": "2025-01-14T00:00:00.000000Z",
"revision_history": [
{
"date": "2025-01-14T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2025-01-15T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Updated CVE-2024-12569 with changed description according to https://www.cve.org/CVERecord?id=CVE-2024-12569"
},
{
"date": "2025-05-06T06:00:00.000000Z",
"legacy_version": "Revision",
"number": "3",
"summary": "Revision - Fixing typos"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV13.5",
"product": {
"name": "Siveillance Video Device Pack",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Siveillance Video Device Pack"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12569",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"notes": [
{
"category": "summary",
"text": "Disclosure of sensitive information in a Milestone XProtect Device Pack driver\u2019s log file for third-party cameras, allows an attacker to read camera credentials stored in the Recording Server under specific conditions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Ensure that only trusted people get local access to the driver log files on the Recording Server",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V13.5 or later version",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2024-12569"
}
]
}
NCSC-2025-0008
Vulnerability from csaf_ncscnl - Published: 2025-01-14 11:54 - Updated: 2025-01-14 11:54Summary
Kwetsbaarheden verholpen in Siemens producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Siemens heeft kwetsbaarheden verholpen in diverse producten als Industrial Edge Management, Mendix, SIMATIC, SIPROTEC en Siveillance.
Interpretaties: De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Cross-Site-Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Manipulatie van gegevens
- Omzeilen van een beveiligingsmaatregel
- Omzeilen van authenticatie
- (Remote) code execution (Gebruikersrechten)
- Toegang tot systeemgegevens
- Toegang tot gevoelige gegevens
De kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.
Oplossingen: Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.
Dreigingsinformatie: CVE's toe te voegen:
CVE-2024-12569, CVE-2024-45385, CVE-2024-47100, CVE-2024-53649, CVE-2024-56841
Kans: medium
Schade: high
CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
CWE-532: Insertion of Sensitive Information into Log File
CWE-552: Files or Directories Accessible to External Parties
CWE-352: Cross-Site Request Forgery (CSRF)
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-532
- Insertion of Sensitive Information into Log File
CWE-79
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
industrial_edge_management_os__iem-os_
siemens
|
cpe:2.3:a:siemens:industrial_edge_management_os__iem-os_:*:*:*:*:*:*:*:*
|
— |
CWE-352
- Cross-Site Request Forgery (CSRF)
Affected products
Known affected
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
simatic_s7-1200_cpu_1211c_ac_dc_rly
siemens
|
cpe:2.3:a:siemens:simatic_s7-1200_cpu_1211c_ac_dc_rly:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-1200_cpu_1211c_dc_dc_dc
siemens
|
cpe:2.3:a:siemens:simatic_s7-1200_cpu_1211c_dc_dc_dc:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-1200_cpu_1211c_dc_dc_rly
siemens
|
cpe:2.3:a:siemens:simatic_s7-1200_cpu_1211c_dc_dc_rly:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-1200_cpu_1212c_ac_dc_rly
siemens
|
cpe:2.3:a:siemens:simatic_s7-1200_cpu_1212c_ac_dc_rly:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-1200_cpu_1212c_dc_dc_dc
siemens
|
cpe:2.3:a:siemens:simatic_s7-1200_cpu_1212c_dc_dc_dc:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-1200_cpu_1212c_dc_dc_rly
siemens
|
cpe:2.3:a:siemens:simatic_s7-1200_cpu_1212c_dc_dc_rly:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-1200_cpu_1212fc_dc_dc_dc
siemens
|
cpe:2.3:a:siemens:simatic_s7-1200_cpu_1212fc_dc_dc_dc:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-1200_cpu_1212fc_dc_dc_rly
siemens
|
cpe:2.3:a:siemens:simatic_s7-1200_cpu_1212fc_dc_dc_rly:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-1200_cpu_1214c_ac_dc_rly
siemens
|
cpe:2.3:a:siemens:simatic_s7-1200_cpu_1214c_ac_dc_rly:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-1200_cpu_1214c_dc_dc_dc
siemens
|
cpe:2.3:a:siemens:simatic_s7-1200_cpu_1214c_dc_dc_dc:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-1200_cpu_1214c_dc_dc_rly
siemens
|
cpe:2.3:a:siemens:simatic_s7-1200_cpu_1214c_dc_dc_rly:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-1200_cpu_1214fc_dc_dc_dc
siemens
|
cpe:2.3:a:siemens:simatic_s7-1200_cpu_1214fc_dc_dc_dc:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-1200_cpu_1214fc_dc_dc_rly
siemens
|
cpe:2.3:a:siemens:simatic_s7-1200_cpu_1214fc_dc_dc_rly:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-1200_cpu_1215c_ac_dc_rly
siemens
|
cpe:2.3:a:siemens:simatic_s7-1200_cpu_1215c_ac_dc_rly:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-1200_cpu_1215c_dc_dc_dc
siemens
|
cpe:2.3:a:siemens:simatic_s7-1200_cpu_1215c_dc_dc_dc:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-1200_cpu_1215c_dc_dc_rly
siemens
|
cpe:2.3:a:siemens:simatic_s7-1200_cpu_1215c_dc_dc_rly:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-1200_cpu_1215fc_dc_dc_dc
siemens
|
cpe:2.3:a:siemens:simatic_s7-1200_cpu_1215fc_dc_dc_dc:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-1200_cpu_1215fc_dc_dc_rly
siemens
|
cpe:2.3:a:siemens:simatic_s7-1200_cpu_1215fc_dc_dc_rly:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-1200_cpu_1217c_dc_dc_dc
siemens
|
cpe:2.3:a:siemens:simatic_s7-1200_cpu_1217c_dc_dc_dc:*:*:*:*:*:*:*:*
|
— | |
|
siplus_s7-1200_cpu_1212_ac_dc_rly
siemens
|
cpe:2.3:a:siemens:siplus_s7-1200_cpu_1212_ac_dc_rly:*:*:*:*:*:*:*:*
|
— | |
|
siplus_s7-1200_cpu_1212_dc_dc_rly
siemens
|
cpe:2.3:a:siemens:siplus_s7-1200_cpu_1212_dc_dc_rly:*:*:*:*:*:*:*:*
|
— | |
|
siplus_s7-1200_cpu_1212c_dc_dc_dc
siemens
|
cpe:2.3:a:siemens:siplus_s7-1200_cpu_1212c_dc_dc_dc:*:*:*:*:*:*:*:*
|
— | |
|
siplus_s7-1200_cpu_1212c_dc_dc_dc_rail
siemens
|
cpe:2.3:a:siemens:siplus_s7-1200_cpu_1212c_dc_dc_dc_rail:*:*:*:*:*:*:*:*
|
— | |
|
siplus_s7-1200_cpu_1214_ac_dc_rly
siemens
|
cpe:2.3:a:siemens:siplus_s7-1200_cpu_1214_ac_dc_rly:*:*:*:*:*:*:*:*
|
— | |
|
siplus_s7-1200_cpu_1214_dc_dc_dc
siemens
|
cpe:2.3:a:siemens:siplus_s7-1200_cpu_1214_dc_dc_dc:*:*:*:*:*:*:*:*
|
— | |
|
siplus_s7-1200_cpu_1214_dc_dc_rly
siemens
|
cpe:2.3:a:siemens:siplus_s7-1200_cpu_1214_dc_dc_rly:*:*:*:*:*:*:*:*
|
— | |
|
siplus_s7-1200_cpu_1214c_dc_dc_dc_rail
siemens
|
cpe:2.3:a:siemens:siplus_s7-1200_cpu_1214c_dc_dc_dc_rail:*:*:*:*:*:*:*:*
|
— | |
|
siplus_s7-1200_cpu_1214fc_dc_dc_dc
siemens
|
cpe:2.3:a:siemens:siplus_s7-1200_cpu_1214fc_dc_dc_dc:*:*:*:*:*:*:*:*
|
— | |
|
siplus_s7-1200_cpu_1214fc_dc_dc_rly
siemens
|
cpe:2.3:a:siemens:siplus_s7-1200_cpu_1214fc_dc_dc_rly:*:*:*:*:*:*:*:*
|
— | |
|
siplus_s7-1200_cpu_1215_ac_dc_rly
siemens
|
cpe:2.3:a:siemens:siplus_s7-1200_cpu_1215_ac_dc_rly:*:*:*:*:*:*:*:*
|
— | |
|
siplus_s7-1200_cpu_1215_dc_dc_dc
siemens
|
cpe:2.3:a:siemens:siplus_s7-1200_cpu_1215_dc_dc_dc:*:*:*:*:*:*:*:*
|
— | |
|
siplus_s7-1200_cpu_1215_dc_dc_rly
siemens
|
cpe:2.3:a:siemens:siplus_s7-1200_cpu_1215_dc_dc_rly:*:*:*:*:*:*:*:*
|
— | |
|
siplus_s7-1200_cpu_1215c_dc_dc_dc
siemens
|
cpe:2.3:a:siemens:siplus_s7-1200_cpu_1215c_dc_dc_dc:*:*:*:*:*:*:*:*
|
— | |
|
siplus_s7-1200_cpu_1215fc_dc_dc_dc
siemens
|
cpe:2.3:a:siemens:siplus_s7-1200_cpu_1215fc_dc_dc_dc:*:*:*:*:*:*:*:*
|
— |
6.5 (Medium)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
siprotec_5_6md84__cp300_
siemens
|
cpe:2.3:a:siemens:siprotec_5_6md84__cp300_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_6md85__cp300_
siemens
|
cpe:2.3:a:siemens:siprotec_5_6md85__cp300_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_6md86__cp300_
siemens
|
cpe:2.3:a:siemens:siprotec_5_6md86__cp300_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_6md89__cp300_
siemens
|
cpe:2.3:a:siemens:siprotec_5_6md89__cp300_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_6mu85__cp300_
siemens
|
cpe:2.3:a:siemens:siprotec_5_6mu85__cp300_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7ke85__cp300_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7ke85__cp300_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7sa82__cp100_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7sa82__cp100_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7sa82__cp150_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7sa82__cp150_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7sa86__cp300_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7sa86__cp300_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7sa87__cp300_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7sa87__cp300_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7sd82__cp100_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7sd82__cp100_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7sd82__cp150_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7sd82__cp150_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7sd86__cp300_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7sd86__cp300_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7sd87__cp300_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7sd87__cp300_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7sj81__cp100_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7sj81__cp100_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7sj81__cp150_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7sj81__cp150_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7sj82__cp100_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7sj82__cp100_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7sj82__cp150_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7sj82__cp150_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7sj85__cp300_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7sj85__cp300_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7sj86__cp300_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7sj86__cp300_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7sk82__cp100_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7sk82__cp100_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7sk82__cp150_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7sk82__cp150_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7sk85__cp300_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7sk85__cp300_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7sl82__cp100_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7sl82__cp100_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7sl82__cp150_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7sl82__cp150_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7sl86__cp300_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7sl86__cp300_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7sl87__cp300_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7sl87__cp300_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7ss85__cp300_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7ss85__cp300_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7st85__cp300_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7st85__cp300_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7st86__cp300_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7st86__cp300_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7sx82__cp150_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7sx82__cp150_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7sx85__cp300_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7sx85__cp300_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7sy82__cp150_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7sy82__cp150_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7um85__cp300_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7um85__cp300_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7ut82__cp100_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7ut82__cp100_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7ut82__cp150_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7ut82__cp150_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7ut85__cp300_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7ut85__cp300_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7ut86__cp300_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7ut86__cp300_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7ut87__cp300_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7ut87__cp300_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7ve85__cp300_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7ve85__cp300_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7vk87__cp300_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7vk87__cp300_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_7vu85__cp300_
siemens
|
cpe:2.3:a:siemens:siprotec_5_7vu85__cp300_:*:*:*:*:*:*:*:*
|
— | |
|
siprotec_5_compact_7sx800__cp050_
siemens
|
cpe:2.3:a:siemens:siprotec_5_compact_7sx800__cp050_:*:*:*:*:*:*:*:*
|
— |
7.4 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
mendix_ldap
siemens
|
cpe:2.3:a:siemens:mendix_ldap:*:*:*:*:*:*:*:*
|
— |
References
10 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Siemens heeft kwetsbaarheden verholpen in diverse producten als Industrial Edge Management, Mendix, SIMATIC, SIPROTEC en Siveillance.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Cross-Site-Scripting (XSS)\n- Cross-Site Request Forgery (CSRF)\n- Manipulatie van gegevens\n- Omzeilen van een beveiligingsmaatregel\n- Omzeilen van authenticatie\n- (Remote) code execution (Gebruikersrechten)\n- Toegang tot systeemgegevens\n- Toegang tot gevoelige gegevens\n\nDe kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico\u0027s zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "description",
"text": "CVE\u0027s toe te voegen:\n\nCVE-2024-12569, CVE-2024-45385, CVE-2024-47100, CVE-2024-53649, CVE-2024-56841",
"title": "Dreigingsinformatie"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)",
"title": "CWE-90"
},
{
"category": "general",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
},
{
"category": "general",
"text": "Files or Directories Accessible to External Parties",
"title": "CWE-552"
},
{
"category": "general",
"text": "Cross-Site Request Forgery (CSRF)",
"title": "CWE-352"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-194557.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-314390.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-404759.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-416411.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-717113.pdf"
}
],
"title": "Kwetsbaarheden verholpen in Siemens producten",
"tracking": {
"current_release_date": "2025-01-14T11:54:04.658073Z",
"id": "NCSC-2025-0008",
"initial_release_date": "2025-01-14T11:54:04.658073Z",
"revision_history": [
{
"date": "2025-01-14T11:54:04.658073Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "simatic_s7-1200_cpu_1215fc_dc_dc_rly",
"product": {
"name": "simatic_s7-1200_cpu_1215fc_dc_dc_rly",
"product_id": "CSAFPID-1712865",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1215fc_dc_dc_rly:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-1200_cpu_1217c_dc_dc_dc",
"product": {
"name": "simatic_s7-1200_cpu_1217c_dc_dc_dc",
"product_id": "CSAFPID-1712866",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1217c_dc_dc_dc:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siplus_s7-1200_cpu_1212_ac_dc_rly",
"product": {
"name": "siplus_s7-1200_cpu_1212_ac_dc_rly",
"product_id": "CSAFPID-1712886",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siplus_s7-1200_cpu_1212_ac_dc_rly:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siplus_s7-1200_cpu_1212_dc_dc_rly",
"product": {
"name": "siplus_s7-1200_cpu_1212_dc_dc_rly",
"product_id": "CSAFPID-1712887",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siplus_s7-1200_cpu_1212_dc_dc_rly:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siplus_s7-1200_cpu_1212c_dc_dc_dc",
"product": {
"name": "siplus_s7-1200_cpu_1212c_dc_dc_dc",
"product_id": "CSAFPID-1712888",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siplus_s7-1200_cpu_1212c_dc_dc_dc:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siplus_s7-1200_cpu_1212c_dc_dc_dc_rail",
"product": {
"name": "siplus_s7-1200_cpu_1212c_dc_dc_dc_rail",
"product_id": "CSAFPID-1712889",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siplus_s7-1200_cpu_1212c_dc_dc_dc_rail:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siplus_s7-1200_cpu_1214_ac_dc_rly",
"product": {
"name": "siplus_s7-1200_cpu_1214_ac_dc_rly",
"product_id": "CSAFPID-1712890",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siplus_s7-1200_cpu_1214_ac_dc_rly:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siplus_s7-1200_cpu_1214_dc_dc_dc",
"product": {
"name": "siplus_s7-1200_cpu_1214_dc_dc_dc",
"product_id": "CSAFPID-1712891",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siplus_s7-1200_cpu_1214_dc_dc_dc:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siplus_s7-1200_cpu_1214_dc_dc_rly",
"product": {
"name": "siplus_s7-1200_cpu_1214_dc_dc_rly",
"product_id": "CSAFPID-1712892",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siplus_s7-1200_cpu_1214_dc_dc_rly:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siplus_s7-1200_cpu_1214c_dc_dc_dc_rail",
"product": {
"name": "siplus_s7-1200_cpu_1214c_dc_dc_dc_rail",
"product_id": "CSAFPID-1712893",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siplus_s7-1200_cpu_1214c_dc_dc_dc_rail:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siplus_s7-1200_cpu_1214fc_dc_dc_dc",
"product": {
"name": "siplus_s7-1200_cpu_1214fc_dc_dc_dc",
"product_id": "CSAFPID-1712894",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siplus_s7-1200_cpu_1214fc_dc_dc_dc:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siplus_s7-1200_cpu_1214fc_dc_dc_rly",
"product": {
"name": "siplus_s7-1200_cpu_1214fc_dc_dc_rly",
"product_id": "CSAFPID-1712895",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siplus_s7-1200_cpu_1214fc_dc_dc_rly:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siplus_s7-1200_cpu_1215_ac_dc_rly",
"product": {
"name": "siplus_s7-1200_cpu_1215_ac_dc_rly",
"product_id": "CSAFPID-1712896",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siplus_s7-1200_cpu_1215_ac_dc_rly:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siplus_s7-1200_cpu_1215_dc_dc_dc",
"product": {
"name": "siplus_s7-1200_cpu_1215_dc_dc_dc",
"product_id": "CSAFPID-1712897",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siplus_s7-1200_cpu_1215_dc_dc_dc:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siplus_s7-1200_cpu_1215_dc_dc_rly",
"product": {
"name": "siplus_s7-1200_cpu_1215_dc_dc_rly",
"product_id": "CSAFPID-1712898",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siplus_s7-1200_cpu_1215_dc_dc_rly:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siplus_s7-1200_cpu_1215c_dc_dc_dc",
"product": {
"name": "siplus_s7-1200_cpu_1215c_dc_dc_dc",
"product_id": "CSAFPID-1712899",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siplus_s7-1200_cpu_1215c_dc_dc_dc:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siplus_s7-1200_cpu_1215fc_dc_dc_dc",
"product": {
"name": "siplus_s7-1200_cpu_1215fc_dc_dc_dc",
"product_id": "CSAFPID-1712900",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siplus_s7-1200_cpu_1215fc_dc_dc_dc:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_6md84__cp300_",
"product": {
"name": "siprotec_5_6md84__cp300_",
"product_id": "CSAFPID-1615375",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_6md84__cp300_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_6md85__cp300_",
"product": {
"name": "siprotec_5_6md85__cp300_",
"product_id": "CSAFPID-1615379",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_6md85__cp300_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_6md86__cp300_",
"product": {
"name": "siprotec_5_6md86__cp300_",
"product_id": "CSAFPID-1615383",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_6md86__cp300_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_6md89__cp300_",
"product": {
"name": "siprotec_5_6md89__cp300_",
"product_id": "CSAFPID-1615385",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_6md89__cp300_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_6mu85__cp300_",
"product": {
"name": "siprotec_5_6mu85__cp300_",
"product_id": "CSAFPID-1615387",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_6mu85__cp300_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7ke85__cp300_",
"product": {
"name": "siprotec_5_7ke85__cp300_",
"product_id": "CSAFPID-1615391",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7ke85__cp300_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7sa82__cp100_",
"product": {
"name": "siprotec_5_7sa82__cp100_",
"product_id": "CSAFPID-1615393",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7sa82__cp100_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7sa82__cp150_",
"product": {
"name": "siprotec_5_7sa82__cp150_",
"product_id": "CSAFPID-1615395",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7sa82__cp150_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7sa86__cp300_",
"product": {
"name": "siprotec_5_7sa86__cp300_",
"product_id": "CSAFPID-1615400",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7sa86__cp300_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7sa87__cp300_",
"product": {
"name": "siprotec_5_7sa87__cp300_",
"product_id": "CSAFPID-1615404",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7sa87__cp300_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7sd82__cp100_",
"product": {
"name": "siprotec_5_7sd82__cp100_",
"product_id": "CSAFPID-1615406",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7sd82__cp100_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7sd82__cp150_",
"product": {
"name": "siprotec_5_7sd82__cp150_",
"product_id": "CSAFPID-1615408",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7sd82__cp150_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7sd86__cp300_",
"product": {
"name": "siprotec_5_7sd86__cp300_",
"product_id": "CSAFPID-1615414",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7sd86__cp300_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7sd87__cp300_",
"product": {
"name": "siprotec_5_7sd87__cp300_",
"product_id": "CSAFPID-1615418",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7sd87__cp300_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7sj81__cp100_",
"product": {
"name": "siprotec_5_7sj81__cp100_",
"product_id": "CSAFPID-1615420",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7sj81__cp100_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7sj81__cp150_",
"product": {
"name": "siprotec_5_7sj81__cp150_",
"product_id": "CSAFPID-1615422",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7sj81__cp150_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7sj82__cp100_",
"product": {
"name": "siprotec_5_7sj82__cp100_",
"product_id": "CSAFPID-1615424",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7sj82__cp100_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7sj82__cp150_",
"product": {
"name": "siprotec_5_7sj82__cp150_",
"product_id": "CSAFPID-1615426",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7sj82__cp150_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7sj85__cp300_",
"product": {
"name": "siprotec_5_7sj85__cp300_",
"product_id": "CSAFPID-1615430",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7sj85__cp300_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7sj86__cp300_",
"product": {
"name": "siprotec_5_7sj86__cp300_",
"product_id": "CSAFPID-1615434",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7sj86__cp300_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7sk82__cp100_",
"product": {
"name": "siprotec_5_7sk82__cp100_",
"product_id": "CSAFPID-1615436",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7sk82__cp100_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7sk82__cp150_",
"product": {
"name": "siprotec_5_7sk82__cp150_",
"product_id": "CSAFPID-1615437",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7sk82__cp150_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7sk85__cp300_",
"product": {
"name": "siprotec_5_7sk85__cp300_",
"product_id": "CSAFPID-1615439",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7sk85__cp300_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7sl82__cp100_",
"product": {
"name": "siprotec_5_7sl82__cp100_",
"product_id": "CSAFPID-1615440",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7sl82__cp100_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7sl82__cp150_",
"product": {
"name": "siprotec_5_7sl82__cp150_",
"product_id": "CSAFPID-1615441",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7sl82__cp150_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7sl86__cp300_",
"product": {
"name": "siprotec_5_7sl86__cp300_",
"product_id": "CSAFPID-1615443",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7sl86__cp300_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7sl87__cp300_",
"product": {
"name": "siprotec_5_7sl87__cp300_",
"product_id": "CSAFPID-1615445",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7sl87__cp300_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7ss85__cp300_",
"product": {
"name": "siprotec_5_7ss85__cp300_",
"product_id": "CSAFPID-1615447",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7ss85__cp300_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7st85__cp300_",
"product": {
"name": "siprotec_5_7st85__cp300_",
"product_id": "CSAFPID-1615449",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7st85__cp300_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7st86__cp300_",
"product": {
"name": "siprotec_5_7st86__cp300_",
"product_id": "CSAFPID-1615450",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7st86__cp300_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7sx82__cp150_",
"product": {
"name": "siprotec_5_7sx82__cp150_",
"product_id": "CSAFPID-1615451",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7sx82__cp150_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7sx85__cp300_",
"product": {
"name": "siprotec_5_7sx85__cp300_",
"product_id": "CSAFPID-1615452",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7sx85__cp300_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7sy82__cp150_",
"product": {
"name": "siprotec_5_7sy82__cp150_",
"product_id": "CSAFPID-1749292",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7sy82__cp150_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7um85__cp300_",
"product": {
"name": "siprotec_5_7um85__cp300_",
"product_id": "CSAFPID-1615453",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7um85__cp300_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "industrial_edge_management_os__iem-os_",
"product": {
"name": "industrial_edge_management_os__iem-os_",
"product_id": "CSAFPID-1637818",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:industrial_edge_management_os__iem-os_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mendix_ldap",
"product": {
"name": "mendix_ldap",
"product_id": "CSAFPID-1749293",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:mendix_ldap:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-1200_cpu_1211c_ac_dc_rly",
"product": {
"name": "simatic_s7-1200_cpu_1211c_ac_dc_rly",
"product_id": "CSAFPID-1712848",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1211c_ac_dc_rly:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-1200_cpu_1211c_dc_dc_dc",
"product": {
"name": "simatic_s7-1200_cpu_1211c_dc_dc_dc",
"product_id": "CSAFPID-1712849",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1211c_dc_dc_dc:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-1200_cpu_1211c_dc_dc_rly",
"product": {
"name": "simatic_s7-1200_cpu_1211c_dc_dc_rly",
"product_id": "CSAFPID-1712850",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1211c_dc_dc_rly:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-1200_cpu_1212c_ac_dc_rly",
"product": {
"name": "simatic_s7-1200_cpu_1212c_ac_dc_rly",
"product_id": "CSAFPID-1712851",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1212c_ac_dc_rly:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-1200_cpu_1212c_dc_dc_dc",
"product": {
"name": "simatic_s7-1200_cpu_1212c_dc_dc_dc",
"product_id": "CSAFPID-1712852",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1212c_dc_dc_dc:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-1200_cpu_1212c_dc_dc_rly",
"product": {
"name": "simatic_s7-1200_cpu_1212c_dc_dc_rly",
"product_id": "CSAFPID-1712853",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1212c_dc_dc_rly:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-1200_cpu_1212fc_dc_dc_dc",
"product": {
"name": "simatic_s7-1200_cpu_1212fc_dc_dc_dc",
"product_id": "CSAFPID-1712854",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1212fc_dc_dc_dc:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-1200_cpu_1212fc_dc_dc_rly",
"product": {
"name": "simatic_s7-1200_cpu_1212fc_dc_dc_rly",
"product_id": "CSAFPID-1712855",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1212fc_dc_dc_rly:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-1200_cpu_1214c_ac_dc_rly",
"product": {
"name": "simatic_s7-1200_cpu_1214c_ac_dc_rly",
"product_id": "CSAFPID-1712856",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1214c_ac_dc_rly:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-1200_cpu_1214c_dc_dc_dc",
"product": {
"name": "simatic_s7-1200_cpu_1214c_dc_dc_dc",
"product_id": "CSAFPID-1712857",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1214c_dc_dc_dc:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-1200_cpu_1214c_dc_dc_rly",
"product": {
"name": "simatic_s7-1200_cpu_1214c_dc_dc_rly",
"product_id": "CSAFPID-1712858",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1214c_dc_dc_rly:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-1200_cpu_1214fc_dc_dc_dc",
"product": {
"name": "simatic_s7-1200_cpu_1214fc_dc_dc_dc",
"product_id": "CSAFPID-1712859",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1214fc_dc_dc_dc:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-1200_cpu_1214fc_dc_dc_rly",
"product": {
"name": "simatic_s7-1200_cpu_1214fc_dc_dc_rly",
"product_id": "CSAFPID-1712860",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1214fc_dc_dc_rly:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-1200_cpu_1215c_ac_dc_rly",
"product": {
"name": "simatic_s7-1200_cpu_1215c_ac_dc_rly",
"product_id": "CSAFPID-1712861",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1215c_ac_dc_rly:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-1200_cpu_1215c_dc_dc_dc",
"product": {
"name": "simatic_s7-1200_cpu_1215c_dc_dc_dc",
"product_id": "CSAFPID-1712862",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1215c_dc_dc_dc:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-1200_cpu_1215c_dc_dc_rly",
"product": {
"name": "simatic_s7-1200_cpu_1215c_dc_dc_rly",
"product_id": "CSAFPID-1712863",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1215c_dc_dc_rly:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-1200_cpu_1215fc_dc_dc_dc",
"product": {
"name": "simatic_s7-1200_cpu_1215fc_dc_dc_dc",
"product_id": "CSAFPID-1712864",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1215fc_dc_dc_dc:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7ut82__cp100_",
"product": {
"name": "siprotec_5_7ut82__cp100_",
"product_id": "CSAFPID-1615454",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7ut82__cp100_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7ut82__cp150_",
"product": {
"name": "siprotec_5_7ut82__cp150_",
"product_id": "CSAFPID-1615455",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7ut82__cp150_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7ut85__cp300_",
"product": {
"name": "siprotec_5_7ut85__cp300_",
"product_id": "CSAFPID-1615457",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7ut85__cp300_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7ut86__cp300_",
"product": {
"name": "siprotec_5_7ut86__cp300_",
"product_id": "CSAFPID-1615459",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7ut86__cp300_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7ut87__cp300_",
"product": {
"name": "siprotec_5_7ut87__cp300_",
"product_id": "CSAFPID-1615461",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7ut87__cp300_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7ve85__cp300_",
"product": {
"name": "siprotec_5_7ve85__cp300_",
"product_id": "CSAFPID-1615462",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7ve85__cp300_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7vk87__cp300_",
"product": {
"name": "siprotec_5_7vk87__cp300_",
"product_id": "CSAFPID-1615464",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7vk87__cp300_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_7vu85__cp300_",
"product": {
"name": "siprotec_5_7vu85__cp300_",
"product_id": "CSAFPID-1615465",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_7vu85__cp300_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siprotec_5_compact_7sx800__cp050_",
"product": {
"name": "siprotec_5_compact_7sx800__cp050_",
"product_id": "CSAFPID-1615468",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siprotec_5_compact_7sx800__cp050_:*:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12569",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-12569",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-12569.json"
}
],
"title": "CVE-2024-12569"
},
{
"cve": "CVE-2024-45385",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637818"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45385",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45385.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:U/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1637818"
]
}
],
"title": "CVE-2024-45385"
},
{
"cve": "CVE-2024-47100",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"notes": [
{
"category": "other",
"text": "Cross-Site Request Forgery (CSRF)",
"title": "CWE-352"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1712848",
"CSAFPID-1712849",
"CSAFPID-1712850",
"CSAFPID-1712851",
"CSAFPID-1712852",
"CSAFPID-1712853",
"CSAFPID-1712854",
"CSAFPID-1712855",
"CSAFPID-1712856",
"CSAFPID-1712857",
"CSAFPID-1712858",
"CSAFPID-1712859",
"CSAFPID-1712860",
"CSAFPID-1712861",
"CSAFPID-1712862",
"CSAFPID-1712863",
"CSAFPID-1712864",
"CSAFPID-1712865",
"CSAFPID-1712866",
"CSAFPID-1712886",
"CSAFPID-1712887",
"CSAFPID-1712888",
"CSAFPID-1712889",
"CSAFPID-1712890",
"CSAFPID-1712891",
"CSAFPID-1712892",
"CSAFPID-1712893",
"CSAFPID-1712894",
"CSAFPID-1712895",
"CSAFPID-1712896",
"CSAFPID-1712897",
"CSAFPID-1712898",
"CSAFPID-1712899",
"CSAFPID-1712900"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47100",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47100.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1712848",
"CSAFPID-1712849",
"CSAFPID-1712850",
"CSAFPID-1712851",
"CSAFPID-1712852",
"CSAFPID-1712853",
"CSAFPID-1712854",
"CSAFPID-1712855",
"CSAFPID-1712856",
"CSAFPID-1712857",
"CSAFPID-1712858",
"CSAFPID-1712859",
"CSAFPID-1712860",
"CSAFPID-1712861",
"CSAFPID-1712862",
"CSAFPID-1712863",
"CSAFPID-1712864",
"CSAFPID-1712865",
"CSAFPID-1712866",
"CSAFPID-1712886",
"CSAFPID-1712887",
"CSAFPID-1712888",
"CSAFPID-1712889",
"CSAFPID-1712890",
"CSAFPID-1712891",
"CSAFPID-1712892",
"CSAFPID-1712893",
"CSAFPID-1712894",
"CSAFPID-1712895",
"CSAFPID-1712896",
"CSAFPID-1712897",
"CSAFPID-1712898",
"CSAFPID-1712899",
"CSAFPID-1712900"
]
}
],
"title": "CVE-2024-47100"
},
{
"cve": "CVE-2024-53649",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"notes": [
{
"category": "other",
"text": "Files or Directories Accessible to External Parties",
"title": "CWE-552"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1615375",
"CSAFPID-1615379",
"CSAFPID-1615383",
"CSAFPID-1615385",
"CSAFPID-1615387",
"CSAFPID-1615391",
"CSAFPID-1615393",
"CSAFPID-1615395",
"CSAFPID-1615400",
"CSAFPID-1615404",
"CSAFPID-1615406",
"CSAFPID-1615408",
"CSAFPID-1615414",
"CSAFPID-1615418",
"CSAFPID-1615420",
"CSAFPID-1615422",
"CSAFPID-1615424",
"CSAFPID-1615426",
"CSAFPID-1615430",
"CSAFPID-1615434",
"CSAFPID-1615436",
"CSAFPID-1615437",
"CSAFPID-1615439",
"CSAFPID-1615440",
"CSAFPID-1615441",
"CSAFPID-1615443",
"CSAFPID-1615445",
"CSAFPID-1615447",
"CSAFPID-1615449",
"CSAFPID-1615450",
"CSAFPID-1615451",
"CSAFPID-1615452",
"CSAFPID-1749292",
"CSAFPID-1615453",
"CSAFPID-1615454",
"CSAFPID-1615455",
"CSAFPID-1615457",
"CSAFPID-1615459",
"CSAFPID-1615461",
"CSAFPID-1615462",
"CSAFPID-1615464",
"CSAFPID-1615465",
"CSAFPID-1615468"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-53649",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-53649.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1615375",
"CSAFPID-1615379",
"CSAFPID-1615383",
"CSAFPID-1615385",
"CSAFPID-1615387",
"CSAFPID-1615391",
"CSAFPID-1615393",
"CSAFPID-1615395",
"CSAFPID-1615400",
"CSAFPID-1615404",
"CSAFPID-1615406",
"CSAFPID-1615408",
"CSAFPID-1615414",
"CSAFPID-1615418",
"CSAFPID-1615420",
"CSAFPID-1615422",
"CSAFPID-1615424",
"CSAFPID-1615426",
"CSAFPID-1615430",
"CSAFPID-1615434",
"CSAFPID-1615436",
"CSAFPID-1615437",
"CSAFPID-1615439",
"CSAFPID-1615440",
"CSAFPID-1615441",
"CSAFPID-1615443",
"CSAFPID-1615445",
"CSAFPID-1615447",
"CSAFPID-1615449",
"CSAFPID-1615450",
"CSAFPID-1615451",
"CSAFPID-1615452",
"CSAFPID-1749292",
"CSAFPID-1615453",
"CSAFPID-1615454",
"CSAFPID-1615455",
"CSAFPID-1615457",
"CSAFPID-1615459",
"CSAFPID-1615461",
"CSAFPID-1615462",
"CSAFPID-1615464",
"CSAFPID-1615465",
"CSAFPID-1615468"
]
}
],
"title": "CVE-2024-53649"
},
{
"cve": "CVE-2024-56841",
"cwe": {
"id": "CWE-90",
"name": "Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)",
"title": "CWE-90"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1749293"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-56841",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-56841.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1749293"
]
}
],
"title": "CVE-2024-56841"
}
]
}
SSA-404759
Vulnerability from csaf_siemens - Published: 2025-01-14 00:00 - Updated: 2025-01-15 00:00Summary
SSA-404759: Information Disclosure Vulnerability in Siveillance Video Camera Drivers
Notes
Summary: Several camera device drivers in the Siveillance Video Device Pack store camera credentials in their log file when authentication fails. This could allow a local attacker to read camera credentials stored in the Recording Server under specific conditions.
Siemens has released an update of the Device Pack and recommends to apply this update to all deployments of Siveillance Video. In general, Siemens recommends installing the latest Device Pack which contains the most up-to-date device drivers.
General Recommendations: As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
7.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Siveillance Video Device Pack
Siemens / Siveillance Video Device Pack
|
vers:all/<V13.5 |
Mitigation
Vendor Fix
|
References
2 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Several camera device drivers in the Siveillance Video Device Pack store camera credentials in their log file when authentication fails. This could allow a local attacker to read camera credentials stored in the Recording Server under specific conditions.\n\nSiemens has released an update of the Device Pack and recommends to apply this update to all deployments of Siveillance Video. In general, Siemens recommends installing the latest Device Pack which contains the most up-to-date device drivers.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-404759: Information Disclosure Vulnerability in Siveillance Video Camera Drivers - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-404759.html"
},
{
"category": "self",
"summary": "SSA-404759: Information Disclosure Vulnerability in Siveillance Video Camera Drivers - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-404759.json"
}
],
"title": "SSA-404759: Information Disclosure Vulnerability in Siveillance Video Camera Drivers",
"tracking": {
"current_release_date": "2025-01-15T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-404759",
"initial_release_date": "2025-01-14T00:00:00Z",
"revision_history": [
{
"date": "2025-01-14T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2025-01-15T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Updated CVE-2024-12569 with changed description according to https://www.cve.org/CVERecord?id=CVE-2024-12569"
}
],
"status": "interim",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV13.5",
"product": {
"name": "Siveillance Video Device Pack",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "Siveillance Video Device Pack"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12569",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"notes": [
{
"category": "summary",
"text": "Disclosure of sensitive information in a Milestone XProtect Device Pack driver\u2019s log file for third-party cameras, allows an attacker to read camera credentials stored in the Recording Server under specific conditions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Ensure that only trusted people get local access to the driver log files on the Recording Server",
"product_ids": [
"1"
]
},
{
"category": "vendor_fix",
"details": "Update to V13.5 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-12569"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…