VDB

CVE-2021-31891

CVE-2021-31891 PUBLISHED CVSS 10 CRITICAL

A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges.

EPSS 4.57% · 89.4th percentile

Risk Scores

CVSS 3.1: 10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 4.57% (89.4th percentile)

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| siemens | siveillance_control_pro | |
| Siemens | GMA-Manager | All versions with OIS running on Debian 9 or earlier |
| Siemens | Siveillance Control | All versions with OIS running on Debian 9 or earlier |
| siemens | siveillance_control | |
| siemens | gma-manager | |
| siemens | operation_scheduler | |
| Siemens | Siveillance Control Pro | All versions |
| siemens | desigo_cc | |
| Siemens | Operation Scheduler | All versions with OIS running on Debian 9 or earlier |
| Siemens | Desigo CC | All versions with OIS Extension Module |

Timeline

  • Apr 13, 2021 CVE Published
  • Sep 15, 2021 EPSS Score
  • Oct 5, 2021 EPSS Score
  • Nov 11, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Mar 6, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Jun 29, 2022 EPSS Score
  • Aug 27, 2022 EPSS Score
  • Dec 20, 2022 EPSS Score
  • Feb 15, 2023 EPSS Score