CVE-2021-31891

10CRITICAL

Key Information:

Vendor: Siemens
Status: Desigo Cc; Gma-manager; Operation Scheduler; Siveillance Control
Vendor: CVE Published:; 14 September 2021

Summary

A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges.

Affected Version(s)

Desigo CC All versions with OIS Extension Module

GMA-Manager All versions with OIS running on Debian 9 or earlier

Operation Scheduler All versions with OIS running on Debian 9 or earlier

References

https://cert-portal.siemens.com/productcert/pdf/ssa-53538...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Sep 14, 2021
Vulnerability Reserved
Apr 29, 2021