Details of VAR-201805-1130

ID

VAR-201805-1130

CVE

CVE-2018-4849

TITLE

Android For and iOS for Siveillance VMS Video Vulnerabilities related to certificate validation

Trust: 0.8

sources: JVNDB: JVNDB-2018-004924

DESCRIPTION

A vulnerability has been identified in Siveillance VMS Video for Android (All versions < V12.1a (2018 R1)), Siveillance VMS Video for iOS (All versions < V12.1a (2018 R1)). Improper certificate validation could allow an attacker in a privileged network position to read data from and write data to the encrypted communication channel between the app and a server. The security vulnerability could be exploited by an attacker in a privileged network position which allows intercepting the communication channel between the affected app and a server (such as Man-in-the-Middle). Furthermore, an attacker must be able to generate a certificate that results for the validation algorithm in a checksum identical to a trusted certificate. Successful exploitation requires no user interaction. The vulnerability could allow reading data from and writing data to the encrypted communication channel between the app and a server, impacting the communication's confidentiality and integrity. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue. Siemens Siveillance VMS Video for Android is a set of Android-based video management software from Siemens. The vulnerability stems from the failure of the program to properly verify the certificate. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks and bypass certain security restrictions

Trust: 2.61

sources: NVD: CVE-2018-4849 // JVNDB: JVNDB-2018-004924 // CNVD: CNVD-2018-09146 // BID: 104105 // IVD: e2ee9c31-39ab-11e9-b872-000c29342cb1

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2ee9c31-39ab-11e9-b872-000c29342cb1 // CNVD: CNVD-2018-09146

AFFECTED PRODUCTS

vendor:	siemens	model:	siveillance vms video	scope:	lt	version:	12.1a	Trust: 1.0
vendor:	siemens	model:	siveillance vms video mobile application	scope:	eq	version:	for android v12.1a (2018 r1)	Trust: 0.8
vendor:	siemens	model:	siveillance vms video mobile application	scope:	eq	version:	for ios v12.1a (2018 r1)	Trust: 0.8
vendor:	siemens	model:	siveillance vms video for android <12.1a r1)	scope:	eq	version:	(2018	Trust: 0.6
vendor:	siemens	model:	siveillance vms video for ios <12.1a r1)	scope:	eq	version:	(2018	Trust: 0.6
vendor:	siveillance vms video	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	siemens	model:	siveillance vms video for ios	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	siveillance vms video for android	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	siveillance vms video for ios 12.1a r1)	scope:	ne	version:	(2018	Trust: 0.3
vendor:	siemens	model:	siveillance vms video for android 12.1a r1)	scope:	ne	version:	(2018	Trust: 0.3

sources: IVD: e2ee9c31-39ab-11e9-b872-000c29342cb1 // CNVD: CNVD-2018-09146 // BID: 104105 // JVNDB: JVNDB-2018-004924 // NVD: CVE-2018-4849

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4849
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-4849
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-09146
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201805-149
value:	HIGH
Trust: 0.6
IVD:	e2ee9c31-39ab-11e9-b872-000c29342cb1
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2018-4849
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-09146
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2ee9c31-39ab-11e9-b872-000c29342cb1
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2018-4849
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	5.2
version:	3.0
Trust: 1.8

sources: IVD: e2ee9c31-39ab-11e9-b872-000c29342cb1 // CNVD: CNVD-2018-09146 // JVNDB: JVNDB-2018-004924 // CNNVD: CNNVD-201805-149 // NVD: CVE-2018-4849

PROBLEMTYPE DATA

problemtype:

CWE-295

Trust: 1.8

sources: JVNDB: JVNDB-2018-004924 // NVD: CVE-2018-4849

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-149

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201805-149

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004924

PATCH

title:	SSA-468514	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-468514.pdf	Trust: 0.8
title:	Siemens Siveillance VMS Video for Android and iOS incorrect certificate validation vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/128505	Trust: 0.6
title:	Siemens Siveillance VMS Video for Android and iOS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79868	Trust: 0.6

sources: CNVD: CNVD-2018-09146 // JVNDB: JVNDB-2018-004924 // CNNVD: CNNVD-201805-149

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4849	Trust: 3.5
db:	BID	id:	104105	Trust: 1.9
db:	ICS CERT	id:	ICSA-18-128-03	Trust: 1.7
db:	SIEMENS	id:	SSA-468514	Trust: 1.6
db:	CNVD	id:	CNVD-2018-09146	Trust: 0.8
db:	CNNVD	id:	CNNVD-201805-149	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-004924	Trust: 0.8
db:	IVD	id:	E2EE9C31-39AB-11E9-B872-000C29342CB1	Trust: 0.2

sources: IVD: e2ee9c31-39ab-11e9-b872-000c29342cb1 // CNVD: CNVD-2018-09146 // BID: 104105 // JVNDB: JVNDB-2018-004924 // CNNVD: CNNVD-201805-149 // NVD: CVE-2018-4849

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-128-03	Trust: 1.7
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-468514.pdf	Trust: 1.6
url:	http://www.securityfocus.com/bid/104105	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4849	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4849	Trust: 0.8
url:	http://www.siemens.com/	Trust: 0.3

sources: CNVD: CNVD-2018-09146 // BID: 104105 // JVNDB: JVNDB-2018-004924 // CNNVD: CNNVD-201805-149 // NVD: CVE-2018-4849

CREDITS

Karsten Sohr from TZI Bremen

Trust: 0.3

sources: BID: 104105

SOURCES

db:	IVD	id:	e2ee9c31-39ab-11e9-b872-000c29342cb1
db:	CNVD	id:	CNVD-2018-09146
db:	BID	id:	104105
db:	JVNDB	id:	JVNDB-2018-004924
db:	CNNVD	id:	CNNVD-201805-149
db:	NVD	id:	CVE-2018-4849

LAST UPDATE DATE

2024-11-23T23:08:43.434000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-09146	date:	2018-05-09T00:00:00
db:	BID	id:	104105	date:	2018-05-08T00:00:00
db:	JVNDB	id:	JVNDB-2018-004924	date:	2018-06-29T00:00:00
db:	CNNVD	id:	CNNVD-201805-149	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-4849	date:	2024-11-21T04:07:34.873

SOURCES RELEASE DATE

db:	IVD	id:	e2ee9c31-39ab-11e9-b872-000c29342cb1	date:	2018-05-09T00:00:00
db:	CNVD	id:	CNVD-2018-09146	date:	2018-05-09T00:00:00
db:	BID	id:	104105	date:	2018-05-08T00:00:00
db:	JVNDB	id:	JVNDB-2018-004924	date:	2018-06-29T00:00:00
db:	CNNVD	id:	CNNVD-201805-149	date:	2018-05-04T00:00:00
db:	NVD	id:	CVE-2018-4849	date:	2018-05-03T13:29:00.233