Full Report
Siveillance Control does not properly check the list of access groups that are assigned to an individual user. This could enable a locally logged on user to gain write privileges for objects where they only have read privileges. Siemens has released a new version of Siveillance Control and recommends updating to the latest version.
Analysis Summary
# Vulnerability: Authorization Bypass in Siemens Siveillance Control
## CVE Details
- **CVE ID:** CVE-2023-45793
- **CVSS Score:**
  - **CVSS v4.0:** 6.8 (Medium)
  - **CVSS v3.1:** 5.5 (Medium)
- **CWE:** CWE-863: Incorrect Authorization
## Affected Systems
- **Products:** Siveillance Control (formerly Siveillance Viewpoint)
- **Versions:** All versions ≥ V2.8 and < V3.1.1
- **Configurations:** Systems where multiple access groups are assigned to individual users.
## Vulnerability Description
The vulnerability exists because Siveillance Control fails to properly validate the full list of access groups assigned to a specific user. This flaw in the authorization logic allows a user who is already authenticated and locally logged on to bypass intended restrictions. Specifically, a user can escalate their permissions to gain write access to objects for which they were originally granted only read-only privileges.
## Exploitation
- **Status:** Not exploited (No reports of exploitation in the wild or public PoC provided in the advisory).
- **Complexity:** Low
- **Attack Vector:** Local (Requires the attacker to have local logon access to the Siveillance Control frontend).
## Impact
- **Confidentiality:** None
- **Integrity:** High (Unauthorized modification of security system objects/configurations).
- **Availability:** None
## Remediation
### Patches
- **Siveillance Control V3.1.1:** Siemens recommends updating to V3.1.1 or any later version.
- **Download Link:** hxxps://support[.]industry[.]siemens[.]com/cs/ww/en/view/109827073/
### Workarounds
- **Access Control:** Restrict physical and interactive local access to the specific machines where the Siveillance Control frontend is installed.
- **General Best Practices:** Ensure the environment follows Siemens' general security recommendations for protected IT environments and network segmentation.
## Detection
- **Indicators of Compromise:** Unusual or unauthorized modifications to objects/assets by users who typically hold read-only permissions.
- **Detection Methods:** Review Siveillance Control audit logs for write operations performed by accounts that should be restricted to read-only access groups.
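
The audit-log review described above can be automated by comparing each write event against the rights granted by all of the acting user's access groups. The sketch below is an added example, not Siemens code: the CSV column names, the action names, the group and object names, and the entitlement tables are all constructed, and it assumes a write is legitimate only if at least one assigned group grants write on that object.

```python
import csv
import io

# Constructed entitlement data (assumption: maintained from your own admin records).
GROUP_RIGHTS = {
    "operators_site_a": {"camera-12": "write", "door-3": "read"},
    "viewers_site_b": {"door-7": "read", "camera-40": "read"},
}
USER_GROUPS = {
    "alice": ["operators_site_a", "viewers_site_b"],  # multiple groups: the affected configuration
    "bob": ["viewers_site_b"],
}

# Constructed audit export; the column layout is hypothetical, not the product's format.
SAMPLE_AUDIT_CSV = """timestamp,user,action,object
2024-01-10T08:00:01,alice,modify,camera-12
2024-01-10T08:02:13,alice,modify,door-7
2024-01-10T08:05:40,bob,view,door-7
2024-01-10T08:06:02,bob,delete,camera-40
2024-01-10T08:07:30,carol,modify,door-3
"""

WRITE_ACTIONS = {"create", "modify", "delete"}  # hypothetical action names


def may_write(user, obj):
    """True only if at least one of the user's assigned groups grants write on obj."""
    return any(GROUP_RIGHTS.get(group, {}).get(obj) == "write"
               for group in USER_GROUPS.get(user, []))


def find_unauthorized_writes(audit_csv):
    """Return (timestamp, user, action, object) for writes no assigned group permits."""
    findings = []
    for row in csv.DictReader(io.StringIO(audit_csv)):
        if row["action"].lower() not in WRITE_ACTIONS:
            continue  # read-only activity is out of scope for this check
        if not may_write(row["user"], row["object"]):
            findings.append((row["timestamp"], row["user"], row["action"], row["object"]))
    return findings


if __name__ == "__main__":
    for finding in find_unauthorized_writes(SAMPLE_AUDIT_CSV):
        print("REVIEW:", *finding)
```

Users missing from the entitlement table are flagged as well, so stale or unknown accounts performing writes surface in the same review.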
## References
- **Siemens Advisory (SSA-145196):** hxxps://cert-portal[.]siemens[.]com/productcert/html/ssa-145196[.]html
- **Siemens ProductCERT:** hxxps://www[.]siemens[.]com/cert/advisories