CVE-2021-31891

CVE-2021-31891

Vendor Siemens

Product Desigo CC

Weakness CWE-78

Published September 14, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges.

Key dates

02Disclosure timeline

September 14, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-31891

Related vulnerabilities

Identifiers

CVE CVE-2021-31891

CWE CWE-78

Affected versions

Vendor Siemens

Product Desigo CC

Affected All versions with OIS Extension Module

Vendor Siemens

Product GMA-Manager

Affected All versions with OIS running on Debian 9 or earlier

Vendor Siemens

Product Operation Scheduler

Affected All versions with OIS running on Debian 9 or earlier

Vendor Siemens

Product Siveillance Control

Affected All versions with OIS running on Debian 9 or earlier

Vendor Siemens

Product Siveillance Control Pro

Affected All versions

01Description

02Disclosure timeline

03References

04Related CVE