CVE-2021-31891 - OpenCVE

A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Siemens	Operation Scheduler Desigo Cc Gma-manager Siveillance Control Pro Siveillance Control
Debian	Debian Linux

Configuration 1 [-]

OR	cpe:2.3:a:siemens:desigo_cc::::::::
	cpe:2.3:a:siemens:siveillance_control_pro::::::::

Configuration 2 [-]

AND

OR	cpe:2.3:a:siemens:gma-manager::::::::
	cpe:2.3:a:siemens:operation_scheduler::::::::
	cpe:2.3:a:siemens:siveillance_control::::::::

cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: siemens

Published: 2021-09-14T10:47:31

Updated: 2021-09-14T10:47:31

Reserved: 2021-04-29T00:00:00

Link: CVE-2021-31891

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-09-14T11:15:24.023

Modified: 2021-09-28T16:48:53.480

Link: CVE-2021-31891

JSON object: View

Redhat Information

No data.

CWE

CWE-78

{"containers": {"cna": {"affected": [{"product": "Desigo CC", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions with OIS Extension Module"}]}, {"product": "GMA-Manager", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions with OIS running on Debian 9 or earlier"}]}, {"product": "Operation Scheduler", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions with OIS running on Debian 9 or earlier"}]}, {"product": "Siveillance Control", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions with OIS running on Debian 9 or earlier"}]}, {"product": "Siveillance Control Pro", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-14T10:47:31", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-31891", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Desigo CC", "version": {"version_data": [{"version_value": "All versions with OIS Extension Module"}]}}, {"product_name": "GMA-Manager", "version": {"version_data": [{"version_value": "All versions with OIS running on Debian 9 or earlier"}]}}, {"product_name": "Operation Scheduler", "version": {"version_data": [{"version_value": "All versions with OIS running on Debian 9 or earlier"}]}}, {"product_name": "Siveillance Control", "version": {"version_data": [{"version_value": "All versions with OIS running on Debian 9 or earlier"}]}}, {"product_name": "Siveillance Control Pro", "version": {"version_data": [{"version_value": "All versions"}]}}]}, "vendor_name": "Siemens"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}]}, "references": {"reference_data": [{"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf"}]}}}}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-31891", "datePublished": "2021-09-14T10:47:31", "dateReserved": "2021-04-29T00:00:00", "dateUpdated": "2021-09-14T10:47:31", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:desigo_cc:*:*:*:*:*:*:*:*", "matchCriteriaId": "90D75ECA-E171-42BD-A475-A1DD4B9BE013", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:siveillance_control_pro:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D1D6B61-1F17-4008-9DFB-EF419777768E", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:gma-manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2504273-D83D-462E-A8CF-09107517D75D", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*", "matchCriteriaId": "DFB86317-9626-454A-89D3-2B96FDF84CC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:siveillance_control:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5A18694-B44A-424A-8811-0D0E4FD729A8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "B79BD779-60A5-43A8-9229-07C11A3167AA", "versionEndIncluding": "9.0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en Desigo CC (Todas las versiones con m\u00f3dulo de extensi\u00f3n OIS), GMA-Manager (Todas las versiones con OIS que se ejecutan en Debian 9 o anterior), Operation Scheduler (Todas las versiones con OIS que se ejecutan en Debian 9 o anterior), Siveillance Control (Todas las versiones con OIS que se ejecutan en Debian 9 o anterior), Siveillance Control Pro (Todas las versiones). La aplicaci\u00f3n afectada neutraliza incorrectamente elementos especiales en una petici\u00f3n HTTP GET espec\u00edfica que podr\u00eda conllevar a una inyecci\u00f3n de comandos. Un atacante remoto no autenticado podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el sistema con privilegios de root"}], "id": "CVE-2021-31891", "lastModified": "2021-09-28T16:48:53.480", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-14T11:15:24.023", "references": [{"source": "productcert@siemens.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "productcert@siemens.com", "type": "Primary"}]}