    4 vulnerabilities found for siveillance_control by siemens

    CVE-2023-45793 (GCVE-0-2023-45793)

    Vulnerability from nvd – Published: 2024-03-12 10:21 – Updated: 2024-08-02 20:29
    Summary
    A vulnerability has been identified in Siveillance Control (All versions >= V2.8 < V3.1.1). The affected product does not properly check the list of access groups that are assigned to an individual user. This could enable a locally logged on user to gain write privileges for objects where they only have read privileges.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Impacted products
    Vendor | Product | Version
    Siemens | Siveillance Control | Affected: V2.8, < V3.1.1 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45793",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-12T16:19:54.563034Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:19:54.053Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:29:32.447Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-145196.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Siveillance Control",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "V3.1.1",
                  "status": "affected",
                  "version": "V2.8",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Siveillance Control (All versions \u003e= V2.8 \u003c V3.1.1). The affected product does not properly check the list of access groups that are assigned to an individual user. This could enable a locally logged on user to gain write privileges for objects where they only have read privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-12T10:21:46.998Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-145196.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2023-45793",
        "datePublished": "2024-03-12T10:21:46.998Z",
        "dateReserved": "2023-10-12T17:15:59.195Z",
        "dateUpdated": "2024-08-02T20:29:32.447Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-31891 (GCVE-0-2021-31891)

    Vulnerability from nvd – Published: 2021-09-14 10:47 – Updated: 2024-08-03 23:10
    Summary
    A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges.
    Severity
    No CVSS data available.
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Impacted products
    Vendor | Product | Version
    Siemens | Desigo CC | Affected: All versions with OIS Extension Module
    Siemens | GMA-Manager | Affected: All versions with OIS running on Debian 9 or earlier
    Siemens | Operation Scheduler | Affected: All versions with OIS running on Debian 9 or earlier
    Siemens | Siveillance Control | Affected: All versions with OIS running on Debian 9 or earlier
    Siemens | Siveillance Control Pro | Affected: All versions

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:10:30.639Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Desigo CC",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions with OIS Extension Module"
                }
              ]
            },
            {
              "product": "GMA-Manager",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions with OIS running on Debian 9 or earlier"
                }
              ]
            },
            {
              "product": "Operation Scheduler",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions with OIS running on Debian 9 or earlier"
                }
              ]
            },
            {
              "product": "Siveillance Control",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions with OIS running on Debian 9 or earlier"
                }
              ]
            },
            {
              "product": "Siveillance Control Pro",
              "vendor": "Siemens",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-14T10:47:31.000Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productcert@siemens.com",
              "ID": "CVE-2021-31891",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Desigo CC",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions with OIS Extension Module"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "GMA-Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions with OIS running on Debian 9 or earlier"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Operation Scheduler",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions with OIS running on Debian 9 or earlier"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Siveillance Control",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions with OIS running on Debian 9 or earlier"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Siveillance Control Pro",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf",
                  "refsource": "MISC",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2021-31891",
        "datePublished": "2021-09-14T10:47:31.000Z",
        "dateReserved": "2021-04-29T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:10:30.639Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-45793 (GCVE-0-2023-45793)

    Vulnerability from cvelistv5 – Published: 2024-03-12 10:21 – Updated: 2024-08-02 20:29
    Summary
    A vulnerability has been identified in Siveillance Control (All versions >= V2.8 < V3.1.1). The affected product does not properly check the list of access groups that are assigned to an individual user. This could enable a locally logged on user to gain write privileges for objects where they only have read privileges.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Impacted products
    Vendor | Product | Version
    Siemens | Siveillance Control | Affected: V2.8, < V3.1.1 (custom)

    CVE-2021-31891 (GCVE-0-2021-31891)

    Vulnerability from cvelistv5 – Published: 2021-09-14 10:47 – Updated: 2024-08-03 23:10
    Summary
    A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges.
    Severity
    No CVSS data available.
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Impacted products
    Vendor | Product | Version
    Siemens | Desigo CC | Affected: All versions with OIS Extension Module
    Siemens | GMA-Manager | Affected: All versions with OIS running on Debian 9 or earlier
    Siemens | Operation Scheduler | Affected: All versions with OIS running on Debian 9 or earlier
    Siemens | Siveillance Control | Affected: All versions with OIS running on Debian 9 or earlier
    Siemens | Siveillance Control Pro | Affected: All versions