A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Active Directory accounts that are part of Administrators group. This could allow an unauthenticated remote attacker to access the application without a valid account.
The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Siveillance_video_mobile_server | Siemens | * | 22.2a(80) (excluding) |
Attackers may be able to bypass weak authentication faster and/or with less effort than expected.