CVE-2016-9155

22.11.2016, 11:59

The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR, CFMW3025 prior to version 1.41_SP18_S1; CCPW3025, CCPW5025 prior to version 0.1.73_S1; CCMD3025-DN18 prior to version v1.394_S1; CCID1445-DN18, CCID1445-DN28, CCID1145-DN36, CFIS1425, CCIS1425, CFMS2025, CCMS2025, CVMS2025-IR, CFMW1025, CCMW1025 prior to version v2635_SP1 could allow an attacker with network access to the web server to obtain administrative credentials under certain circumstances.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
siemens	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 74%

Vendor	Product	Version
siemens	ccid1445-dn18_firmware	-
siemens	ccid1445-dn28_firmware	-
siemens	ccid1445-dn36_firmware	-
siemens	ccis1425_firmware	-
siemens	ccmd3025-dn18_firmware	-
siemens	ccms2025_firmware	-
siemens	ccmw1025_firmware	-
siemens	ccmw3025_firmware	-
siemens	ccpw3025_firmware	-
siemens	cfis1425_firmware	-
siemens	cfms2025_firmware	-
siemens	cfmw1025_firmware	-
siemens	cfmw3025_firmware	-
siemens	cvms2025-ir_firmware	-
siemens	cvmw3025-ir_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-284 - Improper Access Control
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References

http://www.securityfocus.com/bid/94392

https://ics-cert.us-cert.gov/advisories/ICSA-16-322-01

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284765.pdf

http://www.securityfocus.com/bid/94392

https://ics-cert.us-cert.gov/advisories/ICSA-16-322-01

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284765.pdf