SSA-535380 — Vulnetix

SSA-535380 PUBLISHED CVSS 10 CRITICAL

The Siveillance Open Interface Services (OIS) application used for integration of different subsystems to several Siemens building management systems contains a command injection vulnerability that could allow a remote unauthenticated attacker to execute code on the affected system with root privileges. Siemens has released patches and updates for Siveillance OIS to apply to the products that incorporate the OIS service, and recommends to update to the latest versions.

Risk Scores

CVSS v3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

Affected Products

Vendor	Product	Versions
	Operation Scheduler
	Siveillance Control Pro
	Siveillance Control
	GMA-Manager
	Desigo CC

Timeline

CVE Published

References

https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf advisory
https://cert-portal.siemens.com/productcert/txt/ssa-535380.txt advisory
https://cert-portal.siemens.com/productcert/csaf/ssa-535380.json advisory
https://support.industry.siemens.com/cs/ww/en/view/109799908/ fix

Open in Interactive Console →