ATTENTION: Exploitable remotely/low attack complexity.
Vulnerability: Deserialization of Untrusted Data.

Successful exploitation of this vulnerability could allow an attacker to perform remote code execution.

The following Siemens danger management station products are affected:

- Cerberus DMS v5.0: All versions prior to v5.0 QU1
- Desigo CC Compact v5.0: All versions prior to v5.0 QU1
- Desigo CC v5.0: All versions prior to v5.0 QU1

3.2 VULNERABILITY OVERVIEW

3.2.1 DESERIALIZATION OF UNTRUSTED DATA CWE-502

The application deserializes untrusted data without sufficient validations, which could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system. The CCOM communication component used for Windows App / Click-Once and IE Web / XBAP client connectivity is affected by this vulnerability.

CVE-2021-37181 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities, Government Facilities.

Siemens recommends applying updates where applicable to the following products:

Markus Wulftange from Code White GmbH reported this vulnerability to Siemens.