Vulnerability Details CVE-2018-7891
The Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+, Essential+) 2016 R1 (10.0.a) to 2018 R1 (12.1a) contains .NET Remoting endpoints that are vulnerable to deserialization attacks resulting in remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.045
EPSS Ranking 88.5%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 6.8
References
- http://www.securityfocus.com/bid/104120
- https://cert-portal.siemens.com/productcert/pdf/ssa-457058.pdf
- https://supportcommunity.milestonesys.com/s/article/XProtect-VMS-NET-security-vulnerability-hotfixes-for-2016-R1-2018-R1?language=en_US
- http://www.securityfocus.com/bid/104120
- https://cert-portal.siemens.com/productcert/pdf/ssa-457058.pdf
- https://supportcommunity.milestonesys.com/s/article/XProtect-VMS-NET-security-vulnerability-hotfixes-for-2016-R1-2018-R1?language=en_US
Products affected by CVE-2018-7891
-
cpe:2.3:a:milestonesys:xprotect:10.0.a
-
cpe:2.3:a:milestonesys:xprotect:12.1a
-
cpe:2.3:a:siemens:siveillance_vms:*
-
cpe:2.3:a:siemens:siveillance_vms:10.0a
-
cpe:2.3:a:siemens:siveillance_vms:10.1a
-
cpe:2.3:a:siemens:siveillance_vms:10.2b
-
cpe:2.3:a:siemens:siveillance_vms:11.1a
-
cpe:2.3:a:siemens:siveillance_vms:11.2a