9.9
CVE-2023-30899
- EPSS 1.99%
- Published 09.05.2023 13:15:18
- Last modified 21.11.2024 08:01:01
- Source productcert@siemens.com
A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions < V21.1 HotfixRev12), Siveillance Video 2021 R2 (All versions < V21.2 HotfixRev8), Siveillance Video 2022 R1 (All versions < V22.1 HotfixRev7), Siveillance Video 2022 R2 (All versions < V22.2 HotfixRev5), Siveillance Video 2022 R3 (All versions < V22.3 HotfixRev2), Siveillance Video 2023 R1 (All versions < V23.1 HotfixRev1). The Management Server component of affected applications deserializes data without sufficient validations. This could allow an authenticated remote attacker to execute code on the affected system.
Data provided by the National Vulnerability Database (NVD)
Siemens ≫ Siveillance Video Version 2020 Update r2
Siemens ≫ Siveillance Video Version 2020 Update r3
Siemens ≫ Siveillance Video Version 2021 Update r1
Siemens ≫ Siveillance Video Version 2021 Update r2
Siemens ≫ Siveillance Video Version 2022 Update r1
Siemens ≫ Siveillance Video Version 2022 Update r2
Siemens ≫ Siveillance Video Version 2022 Update r3
Siemens ≫ Siveillance Video Version 2023 Update r1
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 1.99% | 0.825 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
productcert@siemens.com | 9.9 | 3.1 | 6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.