RCE in Siemens Desigo Cc
CVE-2021-31891
A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Sive…
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.046 (89.4th percentile) — read the EPSS interpretation.
Affected products
- Siemens Desigo Cc — versions All versions with OIS Extension Module
- Siemens Gma-manager — versions All versions with OIS running on Debian 9 or earlier
- Siemens Operation Scheduler — versions All versions with OIS running on Debian 9 or earlier
- Siemens Siveillance Control — versions All versions with OIS running on Debian 9 or earlier
- Siemens Siveillance Control Pro — versions All versions
Weakness classification (CWE)
References
- cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf (x_refsource_MISC)