CVE-2022-43400

CRITICAL

Siveillance Video Mobile Server <V2022 R2 - Info Disclosure

Title source: llm

Description

A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Active Directory accounts that are part of Administrators group. This could allow an unauthenticated remote attacker to access the application without a valid account.

References (1)

[Vendor Advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-640732.pdf

Scores

CVSS v3 9.8

EPSS 0.0119

EPSS Percentile 78.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-1390 CWE-287

Status published

Products (1)

siemens/siveillance_video_mobile_server < 22.2a\(80\)

Published Oct 21, 2022

Tracked Since Feb 18, 2026