CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-31891

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0530%
EPSS Percentile29.15th
Published2021年9月14日
Last Modified2024年11月21日

Vulnerability Description

A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges.

Affected Platforms (CPE)

📦
Siemens

Desigo Cc

All versions
📦
Siemens

Siveillance Control Pro

All versions
📦
Siemens

Gma Manager

All versions
📦
Siemens

Operation Scheduler

All versions
📦
Siemens

Siveillance Control

All versions

References & Advisories

🔗 https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf
🔗 https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf

相關漏洞威脅

CVE-2021-3718110.0

A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All ...

CVE-2020-100559.8

A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3.x), Desigo CC Compact (V4.x), Desigo CC Compact (V3.x). Aff...

CVE-2021-318849.8

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), AP...

CVE-2021-318869.8

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), AP...