PatchSiren

CVE-2024-12569 Milestone Systems CVE debrief

A high-severity information disclosure vulnerability in Siemens Siveillance Video Device Pack (formerly Milestone XProtect Device Pack) exposes camera credentials in driver log files on the Recording Server. Published January 14, 2025, this flaw allows attackers with local access to read sensitive authentication data under specific conditions. The vulnerability carries a CVSS 3.1 score of 7.8 (HIGH severity) and was last modified May 6, 2025. Siemens has released a vendor fix in version 13.5 or later.

Vendor: Milestone Systems
Product: Siveillance Video Device Pack
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-01-14
Original CVE updated: 2025-05-06
Advisory published: 2025-01-14
Advisory updated: 2025-05-06

Who should care

Organizations running Siemens Siveillance Video or legacy Milestone XProtect installations with third-party camera Device Packs, particularly those in critical infrastructure, physical security operations, and industrial environments where camera credential compromise could enable surveillance system manipulation or lateral movement.

Technical summary

The vulnerability exists in the Device Pack driver for third-party cameras used with Siemens Siveillance Video (formerly Milestone XProtect). Under specific conditions, camera credentials stored in the Recording Server are written to driver log files in cleartext. An attacker with local access to these log files can read the exposed credentials. The attack requires local access (AV:L), high attack complexity (AC:H), and low privileges (PR:L), but successful exploitation yields high impact across confidentiality, integrity, and availability with changed scope (S:C). The vulnerability was addressed in version 13.5.

Defensive priority

HIGH

Recommended defensive actions

  • Update Siveillance Video Device Pack to version 13.5 or later to apply the vendor fix
  • Restrict local access to driver log files on the Recording Server to trusted personnel only
  • Review and rotate camera credentials that may have been exposed in log files prior to patching
  • Implement defense-in-depth controls for industrial control systems per CISA guidance
  • Monitor Recording Server log directories for unauthorized access attempts

Evidence notes

CVE description and remediation details sourced from CISA CSAF advisory ICSA-25-016-03. CVSS vector AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H indicates local attack vector with high attack complexity, low privileges required, no user interaction, and changed scope with high impact across confidentiality, integrity, and availability.
