8.8
CVE-2021-27392
- EPSS 0.25%
- Published 22.04.2021 21:15:10
- Last modified 21.11.2024 05:57:54
- Source productcert@siemens.com
A vulnerability has been identified in Siveillance Video Open Network Bridge (2020 R3), Siveillance Video Open Network Bridge (2020 R2), Siveillance Video Open Network Bridge (2020 R1), Siveillance Video Open Network Bridge (2019 R3), Siveillance Video Open Network Bridge (2019 R2), Siveillance Video Open Network Bridge (2019 R1), Siveillance Video Open Network Bridge (2018 R3), Siveillance Video Open Network Bridge (2018 R2). Affected Open Network Bridges store user credentials for the authentication between ONVIF clients and ONVIF server using a hard-coded key. The encrypted credentials can be retrieved via the MIP SDK. This could allow an authenticated remote attacker to retrieve and decrypt all credentials stored on the ONVIF server.
Data is provided by the National Vulnerability Database (NVD)
Siemens ≫ Siveillance Video Open Network Bridge Version 2018 Update r2
Siemens ≫ Siveillance Video Open Network Bridge Version 2018 Update r3
Siemens ≫ Siveillance Video Open Network Bridge Version 2019 Update r1
Siemens ≫ Siveillance Video Open Network Bridge Version 2019 Update r2
Siemens ≫ Siveillance Video Open Network Bridge Version 2019 Update r3
Siemens ≫ Siveillance Video Open Network Bridge Version 2020 Update r1
Siemens ≫ Siveillance Video Open Network Bridge Version 2020 Update r2
Siemens ≫ Siveillance Video Open Network Bridge Version 2020 Update r3
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.25% | 0.477 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 4 | 8 | 2.9 | AV:N/AC:L/Au:S/C:P/I:N/A:N |
CWE-321 Use of Hard-coded Cryptographic Key
The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.