Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for cerberus_dms by siemens

    CVE-2022-33139 (GCVE-0-2022-33139)

    Vulnerability from nvd – Published: 2022-06-21 00:00 – Updated: 2024-08-03 08:01
    VLAI
    Summary
    A vulnerability has been identified in Cerberus DMS (All versions), Desigo CC (All versions), Desigo CC Compact (All versions), SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC WinCC OA V3.17 (All versions in non-default configuration), SIMATIC WinCC OA V3.18 (All versions in non-default configuration). Affected applications use client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated.
    Severity
    No CVSS data available.
    CWE
    • CWE-603 - Use of Client-Side Authentication
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T08:01:20.028Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-111512.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836027.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cerberus DMS",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "Desigo CC",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "Desigo CC Compact",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "SIMATIC WinCC OA V3.16",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions in default configuration"
                }
              ]
            },
            {
              "product": "SIMATIC WinCC OA V3.17",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions in non-default configuration"
                }
              ]
            },
            {
              "product": "SIMATIC WinCC OA V3.18",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions in non-default configuration"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Cerberus DMS (All versions), Desigo CC (All versions), Desigo CC Compact (All versions), SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC WinCC OA V3.17 (All versions in non-default configuration), SIMATIC WinCC OA V3.18 (All versions in non-default configuration). Affected applications use client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-603",
                  "description": "CWE-603: Use of Client-Side Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-11T00:00:00.000Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-111512.pdf"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836027.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2022-33139",
        "datePublished": "2022-06-21T00:00:00.000Z",
        "dateReserved": "2022-06-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T08:01:20.028Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-37181 (GCVE-0-2021-37181)

    Vulnerability from nvd – Published: 2021-09-14 10:47 – Updated: 2024-08-04 01:16
    VLAI
    Summary
    A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions < v5.0 QU1), Desigo CC Compact V4.0 (All versions), Desigo CC Compact V4.1 (All versions), Desigo CC Compact V4.2 (All versions), Desigo CC Compact V5.0 (All versions < V5.0 QU1), Desigo CC V4.0 (All versions), Desigo CC V4.1 (All versions), Desigo CC V4.2 (All versions), Desigo CC V5.0 (All versions < V5.0 QU1). The application deserialises untrusted data without sufficient validations, that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system. The CCOM communication component used for Windows App / Click-Once and IE Web / XBAP client connectivity are affected by the vulnerability.
    Severity
    No CVSS data available.
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:16:03.922Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-453715.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cerberus DMS V4.0",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "Cerberus DMS V4.1",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "Cerberus DMS V4.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "Cerberus DMS V5.0",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c v5.0 QU1"
                }
              ]
            },
            {
              "product": "Desigo CC Compact V4.0",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "Desigo CC Compact V4.1",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "Desigo CC Compact V4.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "Desigo CC Compact V5.0",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V5.0 QU1"
                }
              ]
            },
            {
              "product": "Desigo CC V4.0",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "Desigo CC V4.1",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "Desigo CC V4.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "Desigo CC V5.0",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V5.0 QU1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions \u003c v5.0 QU1), Desigo CC Compact V4.0 (All versions), Desigo CC Compact V4.1 (All versions), Desigo CC Compact V4.2 (All versions), Desigo CC Compact V5.0 (All versions \u003c V5.0 QU1), Desigo CC V4.0 (All versions), Desigo CC V4.1 (All versions), Desigo CC V4.2 (All versions), Desigo CC V5.0 (All versions \u003c V5.0 QU1). The application deserialises untrusted data without sufficient validations, that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system. The CCOM communication component used for Windows App / Click-Once and IE Web / XBAP client connectivity are affected by the vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502: Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-14T10:47:46.000Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-453715.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productcert@siemens.com",
              "ID": "CVE-2021-37181",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cerberus DMS V4.0",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Cerberus DMS V4.1",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Cerberus DMS V4.2",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Cerberus DMS V5.0",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c v5.0 QU1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Desigo CC Compact V4.0",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Desigo CC Compact V4.1",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Desigo CC Compact V4.2",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Desigo CC Compact V5.0",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V5.0 QU1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Desigo CC V4.0",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Desigo CC V4.1",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Desigo CC V4.2",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Desigo CC V5.0",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V5.0 QU1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions \u003c v5.0 QU1), Desigo CC Compact V4.0 (All versions), Desigo CC Compact V4.1 (All versions), Desigo CC Compact V4.2 (All versions), Desigo CC Compact V5.0 (All versions \u003c V5.0 QU1), Desigo CC V4.0 (All versions), Desigo CC V4.1 (All versions), Desigo CC V4.2 (All versions), Desigo CC V5.0 (All versions \u003c V5.0 QU1). The application deserialises untrusted data without sufficient validations, that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system. The CCOM communication component used for Windows App / Click-Once and IE Web / XBAP client connectivity are affected by the vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-502: Deserialization of Untrusted Data"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-453715.pdf",
                  "refsource": "MISC",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-453715.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2021-37181",
        "datePublished": "2021-09-14T10:47:46.000Z",
        "dateReserved": "2021-07-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:16:03.922Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-33139 (GCVE-0-2022-33139)

    Vulnerability from cvelistv5 – Published: 2022-06-21 00:00 – Updated: 2024-08-03 08:01
    VLAI
    Summary
    A vulnerability has been identified in Cerberus DMS (All versions), Desigo CC (All versions), Desigo CC Compact (All versions), SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC WinCC OA V3.17 (All versions in non-default configuration), SIMATIC WinCC OA V3.18 (All versions in non-default configuration). Affected applications use client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated.
    Severity
    No CVSS data available.
    CWE
    • CWE-603 - Use of Client-Side Authentication
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T08:01:20.028Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-111512.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836027.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cerberus DMS",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "Desigo CC",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "Desigo CC Compact",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "SIMATIC WinCC OA V3.16",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions in default configuration"
                }
              ]
            },
            {
              "product": "SIMATIC WinCC OA V3.17",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions in non-default configuration"
                }
              ]
            },
            {
              "product": "SIMATIC WinCC OA V3.18",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions in non-default configuration"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Cerberus DMS (All versions), Desigo CC (All versions), Desigo CC Compact (All versions), SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC WinCC OA V3.17 (All versions in non-default configuration), SIMATIC WinCC OA V3.18 (All versions in non-default configuration). Affected applications use client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-603",
                  "description": "CWE-603: Use of Client-Side Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-11T00:00:00.000Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-111512.pdf"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836027.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2022-33139",
        "datePublished": "2022-06-21T00:00:00.000Z",
        "dateReserved": "2022-06-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T08:01:20.028Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-37181 (GCVE-0-2021-37181)

    Vulnerability from cvelistv5 – Published: 2021-09-14 10:47 – Updated: 2024-08-04 01:16
    VLAI
    Summary
    A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions < v5.0 QU1), Desigo CC Compact V4.0 (All versions), Desigo CC Compact V4.1 (All versions), Desigo CC Compact V4.2 (All versions), Desigo CC Compact V5.0 (All versions < V5.0 QU1), Desigo CC V4.0 (All versions), Desigo CC V4.1 (All versions), Desigo CC V4.2 (All versions), Desigo CC V5.0 (All versions < V5.0 QU1). The application deserialises untrusted data without sufficient validations, that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system. The CCOM communication component used for Windows App / Click-Once and IE Web / XBAP client connectivity are affected by the vulnerability.
    Severity
    No CVSS data available.
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:16:03.922Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-453715.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cerberus DMS V4.0",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "Cerberus DMS V4.1",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "Cerberus DMS V4.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "Cerberus DMS V5.0",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c v5.0 QU1"
                }
              ]
            },
            {
              "product": "Desigo CC Compact V4.0",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "Desigo CC Compact V4.1",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "Desigo CC Compact V4.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "Desigo CC Compact V5.0",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V5.0 QU1"
                }
              ]
            },
            {
              "product": "Desigo CC V4.0",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "Desigo CC V4.1",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "Desigo CC V4.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "Desigo CC V5.0",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V5.0 QU1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions \u003c v5.0 QU1), Desigo CC Compact V4.0 (All versions), Desigo CC Compact V4.1 (All versions), Desigo CC Compact V4.2 (All versions), Desigo CC Compact V5.0 (All versions \u003c V5.0 QU1), Desigo CC V4.0 (All versions), Desigo CC V4.1 (All versions), Desigo CC V4.2 (All versions), Desigo CC V5.0 (All versions \u003c V5.0 QU1). The application deserialises untrusted data without sufficient validations, that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system. The CCOM communication component used for Windows App / Click-Once and IE Web / XBAP client connectivity are affected by the vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502: Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-14T10:47:46.000Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-453715.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productcert@siemens.com",
              "ID": "CVE-2021-37181",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cerberus DMS V4.0",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Cerberus DMS V4.1",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Cerberus DMS V4.2",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Cerberus DMS V5.0",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c v5.0 QU1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Desigo CC Compact V4.0",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Desigo CC Compact V4.1",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Desigo CC Compact V4.2",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Desigo CC Compact V5.0",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V5.0 QU1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Desigo CC V4.0",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Desigo CC V4.1",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Desigo CC V4.2",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Desigo CC V5.0",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V5.0 QU1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions \u003c v5.0 QU1), Desigo CC Compact V4.0 (All versions), Desigo CC Compact V4.1 (All versions), Desigo CC Compact V4.2 (All versions), Desigo CC Compact V5.0 (All versions \u003c V5.0 QU1), Desigo CC V4.0 (All versions), Desigo CC V4.1 (All versions), Desigo CC V4.2 (All versions), Desigo CC V5.0 (All versions \u003c V5.0 QU1). The application deserialises untrusted data without sufficient validations, that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system. The CCOM communication component used for Windows App / Click-Once and IE Web / XBAP client connectivity are affected by the vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-502: Deserialization of Untrusted Data"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-453715.pdf",
                  "refsource": "MISC",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-453715.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2021-37181",
        "datePublished": "2021-09-14T10:47:46.000Z",
        "dateReserved": "2021-07-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:16:03.922Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }