Unrated severityNVD Advisory· Published Sep 14, 2021· Updated Aug 3, 2024
CVE-2021-31891
CVE-2021-31891
Description
A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges.
Affected products
9(expand)+ 1 more
- (no CPE)
- (no CPE)range: All versions with OIS running on Debian 9 or earlier
(expand)+ 1 more
- (no CPE)
- (no CPE)range: All versions with OIS running on Debian 9 or earlier
(expand)+ 2 more
- (no CPE)
- (no CPE)range: All versions with OIS running on Debian 9 or earlier
- (no CPE)range: All versions
(expand)+ 1 more
- (no CPE)
- (no CPE)range: All versions with OIS Extension Module
Patches
Vulnerability mechanics
References
1- cert-portal.siemens.com/productcert/pdf/ssa-535380.pdfmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.