A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges.
References
| Link | Resource |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
| AND |
|
History
28 Sep 2021, 16:48
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf - Patch, Vendor Advisory | |
| CPE | cpe:2.3:a:siemens:siveillance_control_pro:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:desigo_cc:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:gma-manager:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:siveillance_control:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 10.0 |
14 Sep 2021, 11:42
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2021-09-14 11:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-31891
Mitre link : CVE-2021-31891
CVE.ORG link : CVE-2021-31891
JSON object : View
Products Affected
debian
- debian_linux
siemens
- siveillance_control
- desigo_cc
- siveillance_control_pro
- gma-manager
- operation_scheduler
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')