← Back

CVE-2021-37181

nvd nist
Published: Sep 14, 2021Modified: Nov 21, 2024

JSON object

Loading...
10.0
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 6.0
Source: NVD

Description

A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions < v5.0 QU1), Desigo CC Compact V4.0 (All versions), Desigo CC Compact V4.1 (All versions), Desigo CC Compact V4.2 (All versions), Desigo CC Compact V5.0 (All versions < V5.0 QU1), Desigo CC V4.0 (All versions), Desigo CC V4.1 (All versions), Desigo CC V4.2 (All versions), Desigo CC V5.0 (All versions < V5.0 QU1). The application deserialises untrusted data without sufficient validations, that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system. The CCOM communication component used for Windows App / Click-Once and IE Web / XBAP client connectivity are affected by the vulnerability.

Affected (12)

Siemens
3 products
Cerberus Dms
Desigo Cc
Desigo Cc Compact
Configuration A
12 vulnerable
Vulnerable SoftwareAffected Versions
Siemens
Cerberus Dms
Version 4.0
Cerberus Dms
Version 4.1
Cerberus Dms
Version 4.2
Cerberus Dms
Version 5.0
Siemens
Desigo Cc
Version 4.0
Desigo Cc
Version 4.1
Desigo Cc
Version 4.2
Desigo Cc
Version 5.0
Siemens
Desigo Cc Compact
Version 4.0
Desigo Cc Compact
Version 4.1
Desigo Cc Compact
Version 4.2
Desigo Cc Compact
Version 5.0

Related CWEs

CWE-502
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (2)

Source: productcert@siemens.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.