CVE-2020-10055
published 2020-08-14
CVE-2020-10055: A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3.x), Desigo CC Compact (V4.x), Desigo CC Compact (V3.x). Affected applications are…
Priority: P269 | critical | 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 5.98% (92.4th percentile)
A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3.x), Desigo CC Compact (V4.x), Desigo CC Compact (V3.x). Affected applications are delivered with a 3rd party component (BIRT) that contains a remote code execution vulnerability if the Advanced Reporting Engine is enabled. The vulnerability could allow a remote unauthenticated attacker to execute arbitrary commands on the server with SYSTEM privileges.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | desigo_consumption_control | — | — |
| siemens | desigo_consumption_control | — | — |
| siemens | desigo_consumption_control_compact | — | — |
| siemens | desigo_consumption_control_compact | — | — |
| siemens_ag | desigo_cc | — | — |
| siemens_ag | desigo_cc | — | — |
| siemens_ag | desigo_cc_compact | — | — |
| siemens_ag | desigo_cc_compact | — | — |
Detection & IOCs (extracted from sources)
- The vulnerability is only exploitable when the Advanced Reporting Engine (BIRT) extension module is enabled/installed on Desigo CC or Desigo CC Compact. Detection should focus on identifying whether this module is active and whether unauthenticated remote requests are being made to its endpoints.
- The vulnerability allows unauthenticated remote attackers to execute arbitrary commands with SYSTEM privileges. Monitor for unexpected SYSTEM-level process spawning from the Desigo CC application server process, especially child processes initiated by the BIRT reporting component.
- No known public exploits exist as of the advisory date; however, the attack vector is network-based with no authentication required and low complexity. Prioritize monitoring inbound network traffic to Desigo CC servers for anomalous or unexpected requests targeting reporting engine endpoints.
- The vulnerability is only present and exploitable if the Advanced Reporting Engine (BIRT) extension module is installed and enabled. Systems where this module has not been installed are not affected.
CVSS provenance
- nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C
CISA ICS
Siemens Desigo CC
cisa_ics·2020-08-11·CVSS 9.8
[CRITICAL] Siemens Desigo CC
ICS Advisory
## Siemens Desigo CC
Last Revised: August 11, 2020
Alert Code: ICSA-20-224-06
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Siemens
- Equipment: Desigo CC
- Vulnerability: Code Injection
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to gain remote code execution on the server with SYSTEM privileges.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following Siemens products and versions are affected:
- Desigo CC: Versions 3.x and 4.x, and
- Desigo CC Compact: Vers
GHSA
GHSA-g358-8jhp-hpv2: A vulnerability has been identified in Desigo CC (V4
ghsa_unreviewed·2022-05-24
CVE-2020-10055 [HIGH] GHSA-g358-8jhp-hpv2: A vulnerability has been identified in Desigo CC (V4
A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3.x), Desigo CC Compact (V4.x), Desigo CC Compact (V3.x). Affected applications are delivered with a 3rd party component (BIRT) that contains a remote code execution vulnerability if the Advanced Reporting Engine is enabled. The vulnerability could allow a remote unauthenticated attacker to execute arbitrary commands on the server with SYSTEM privileges.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2020-08-14