CVE Vulnerability Details: CVE-2018-4849
PUBLISHED
Assigner: siemens
Assigner Org ID: cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At: 03 May, 2018 | 13:00
Updated At: 16 Sep, 2024 | 22:02
▼CVE Numbering Authority (CNA)

A vulnerability has been identified in Siveillance VMS Video for Android (All versions < V12.1a (2018 R1)), Siveillance VMS Video for iOS (All versions < V12.1a (2018 R1)). Improper certificate validation could allow an attacker in a privileged network position to read data from and write data to the encrypted communication channel between the app and a server. The security vulnerability could be exploited by an attacker in a privileged network position which allows intercepting the communication channel between the affected app and a server (such as Man-in-the-Middle). Furthermore, an attacker must be able to generate a certificate that results for the validation algorithm in a checksum identical to a trusted certificate. Successful exploitation requires no user interaction. The vulnerability could allow reading data from and writing data to the encrypted communication channel between the app and a server, impacting the communication's confidentiality and integrity. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue.

Affected Products
Vendor: Siemens AG
Product: Siveillance VMS Video for Android, Siveillance VMS Video for iOS
Versions (affected):
  • Siveillance VMS Video for Android : All versions < V12.1a (2018 R1)
  • Siveillance VMS Video for iOS : All versions < V12.1a (2018 R1)
Problem Types
Type: CWE
CWE ID: CWE-295
Description: CWE-295: Improper Certificate Validation
References
  • http://www.securityfocus.com/bid/104105 (vdb-entry, x_refsource_BID)
  • https://cert-portal.siemens.com/productcert/pdf/ssa-468514.pdf (x_refsource_CONFIRM)
▼Authorized Data Publishers (ADP)
CVE Program Container
References
  • http://www.securityfocus.com/bid/104105 (vdb-entry, x_refsource_BID, x_transferred)
  • https://cert-portal.siemens.com/productcert/pdf/ssa-468514.pdf (x_refsource_CONFIRM, x_transferred)