Siemens Siveillance Video Servers Vulnerable to Privilege Escalation via Webhooks Flaw
CISA warns of CVE-2026-22004 in Siemens Siveillance Video Management Servers, enabling authenticated attackers to escalate privileges via Webhooks API.
Siemens Siveillance Video Servers Affected by Privilege Escalation Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed a critical vulnerability in Siemens Siveillance Video Management Servers, identified as CVE-2026-22004, which could allow an authenticated remote attacker with read-only privileges to gain full access to the Webhooks API. The advisory, published on February 12, 2026, highlights the risk of privilege escalation in affected systems.
Technical Details
The vulnerability resides in the Webhooks implementation of Siemens Siveillance Video Management Servers. An attacker with minimal access (read-only permissions) could exploit this flaw to escalate privileges, potentially gaining unauthorized control over the Webhooks API. Siemens has acknowledged the issue and released updated versions to mitigate the risk.
For further technical analysis, the Common Security Advisory Framework (CSAF) document is available here.
Impact Analysis
This vulnerability poses a significant risk to organizations relying on Siemens Siveillance Video Management Servers for surveillance and security operations. Successful exploitation could enable attackers to:
- Manipulate Webhooks API functions, potentially disrupting video feeds or altering system configurations.
- Escalate privileges beyond intended access levels, compromising the integrity of the surveillance infrastructure.
- Gain a foothold for further lateral movement within the network.
Given the critical nature of video management systems in security operations, this flaw could have severe operational and safety implications if left unpatched.
Recommendations
CISA and Siemens urge affected organizations to:
- Apply the latest patches immediately to mitigate CVE-2026-22004.
- Review user access controls to ensure least-privilege principles are enforced.
- Monitor Webhooks API activity for suspicious behavior, such as unauthorized access attempts or configuration changes.
- Consult Siemens’ official security advisory for detailed remediation steps and version-specific guidance.
Security teams should prioritize this update, particularly in environments where Siveillance Video Management Servers are deployed in high-security or critical infrastructure settings.