VAR-202508-2172
Vulnerability from variot - Updated: 2025-08-26 23:32

The Desigo CC product family includes Desigo CC (an integrated building management platform for managing high-performance buildings), Desigo CC Compact (a solution tailored for small and medium-sized buildings), Desigo CC Connect (a software gateway based on the Desigo CC platform), and Cerberus DMS (a hazard management station that helps users manage fire safety and security incidents). SENTRON Powermanager power monitoring software analyzes energy consumption by displaying key characteristics of individual devices and the entire system in an easy-to-understand dashboard.
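A privilege escalation vulnerability exists in the SIEMENS Desigo CC family and SENTRON Powermanager, which could be exploited by an attacker to escalate privileges. The CNVD-authored CVSS v2 vector in this record (AV:L/AC:L/Au:N/C:C/I:C/A:C, base score 7.2) rates the issue as requiring local access with no authentication; the record carries no CVE identifier and no CVSS v3 score. The referenced Siemens advisory SSA-201595 is the vendor source for affected versions and remediation.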
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202508-2172",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "desigo cc family all",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v5.0"
},
{
"model": "desigo cc family all",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v5.1"
},
{
"model": "desigo cc family all",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v6"
},
{
"model": "desigo cc family all",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v7"
},
{
"model": "desigo cc family all",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v8"
},
{
"model": "sentron powermanager all",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v5"
},
{
"model": "sentron powermanager all",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v6"
},
{
"model": "sentron powermanager all",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v7"
},
{
"model": "sentron powermanager all",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v8"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-19353"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2025-19353",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2025-19353",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-19353"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Desigo CC product family includes Desigo CC (an integrated building management platform for managing high-performance buildings), Desigo CC Compact (a solution tailored for small and medium-sized buildings), Desigo CC Connect (a software gateway based on the Desigo CC platform), and Cerberus DMS (a hazard management station that helps users manage fire safety and security incidents). SENTRON Powermanager power monitoring software analyzes energy consumption by displaying key characteristics of individual devices and the entire system in an easy-to-understand dashboard.\n\nA privilege escalation vulnerability exists in the SIEMENS Desigo CC family and SENTRON Powermanager, which could be exploited by an attacker to escalate privileges.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-19353"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SIEMENS",
"id": "SSA-201595",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2025-19353",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-19353"
}
]
},
"id": "VAR-202508-2172",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-19353"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-19353"
}
]
},
"last_update_date": "2025-08-26T23:32:58.952000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for SIEMENS Desigo CC family and SENTRON Powermanager privilege escalation vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/723026"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-19353"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-201595.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-19353"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-19353"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-19353"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-19353"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SIEMENS Desigo CC family and SENTRON Powermanager privilege escalation vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-19353"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.