Critical security vulnerability for Siemens-branded IP-based CCTV cameras

A critical security vulnerability has been discovered for Siemens-branded IP-based CCTV cameras that allow remote attackers to obtain administrative credentials from the integrated web server.

December 5, 2016

A critical security vulnerability (CVSS score 9.8/10) has been discovered for some Siemens-branded IP-based CCTV cameras that allow remote attackers to obtain administrative credentials from the integrated web server. Siemens has published firmware updates and encourages customers to upgrade to the new versions as soon as possible to protect against this vulnerability.

The Genetec Inc. product that is affected by this vulnerability includes the Security Center Omnicast™ video management system. 

Following the release of the new firmware from Siemens, Genetec has tested the compatibility with its products. Genetec now officially supports this new firmware and the included security updates. Clients can now safely update any Siemens products affected by this vulnerability.

Please refer to the vulnerability report CVE-2016-9155 on the Siemens website for the complete list of affected products and firmware.  

For more information on the exact firmware supported by Security Center, please consult the Genetec Technical Assistance Portal (GTAP)*.

*Note: To log into the Genetec Portal, you must be a Security Center user with the appropriate credentials. If you do not have access credentials, please contact [email protected].