CVE-2021-31891
published 2021-09-14

CVE-2021-31891: A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier)…

Priority: P274 | Severity: critical | CVSS 3.1: 10
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 3.84% (88.8th percentile)
A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges.

Affected

5 ranges
Vendor    Product                  Version range    Fixed in
siemens   desigo_cc
siemens   gma-manager
siemens   operation_scheduler
siemens   siveillance_control
siemens   siveillance_control_pro

Detection & IOCs (extracted from sources)

  • The vulnerability is triggered via a specific HTTP GET request containing improperly neutralized special elements — monitor for anomalous or shell-metacharacter-laden GET requests to the OIS web interface on Port 443/TCP.
  • Restrict and monitor inbound traffic to Port 443/TCP on systems running Siveillance OIS; unauthenticated exploitation arrives over this port.
  • Alert on any process spawned with root privileges from the OIS web service process, as successful exploitation results in arbitrary code execution as root.
  • No known public exploits specifically target this vulnerability at time of advisory publication.
  • Affected scope is limited to products running the OIS Extension Module/service; GMA-Manager, Operation Scheduler, and Siveillance Control are only affected when OIS runs on Debian 9 or earlier, while Siveillance Control Pro is affected on all versions.
  • The CVSS v3 base score is 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), reflecting network-reachable, unauthenticated, zero-interaction exploitation with full impact across scope.
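
A log-triage sketch for the first detection bullet above, added here as an example and not taken from the advisory or from this database: it flags GET requests whose percent-decoded path or query contains shell metacharacters, including double-encoded ones. The combined access-log format, the `/placeholder/` path, the `unit` parameter and the sample lines are constructed assumptions, since the page does not name the affected endpoint or parameter.

```python
import re
from urllib.parse import unquote, urlsplit

# Request field of a combined-format access log (the log format is an assumption).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')
# Separators, pipes, backticks, redirection, line breaks, and $( / ${ substitution.
SHELL_META_RE = re.compile(r'[;|&`<>\n\r]|\$[({]')

# Constructed sample lines; the /placeholder/ path and "unit" parameter are hypothetical.
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Sep/2021:10:00:01 +0000] "GET /placeholder/status?unit=3 HTTP/1.1" 200 512',
    '203.0.113.9 - - [14/Sep/2021:10:00:05 +0000] "GET /placeholder/status?unit=3%3Bid HTTP/1.1" 200 87',
    '203.0.113.9 - - [14/Sep/2021:10:00:09 +0000] "GET /placeholder/status?unit=3%2524%2528id%2529 HTTP/1.1" 200 87',
    '198.51.100.4 - - [14/Sep/2021:10:00:12 +0000] "POST /placeholder/login HTTP/1.1" 302 0',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded metacharacters become visible."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_get(line):
    """Return (location, decoded text) hits for one access-log line; [] if clean."""
    m = REQUEST_RE.search(line)
    if not m or m.group("method") != "GET":
        return []  # the advisory describes a GET request, so other methods are skipped
    parts = urlsplit(m.group("target"))
    hits = []
    path = fully_decode(parts.path)
    if SHELL_META_RE.search(path):
        hits.append(("path", path))
    # Split on the literal '&' first so only an encoded '&' inside a value is flagged.
    for pair in parts.query.split("&"):
        decoded = fully_decode(pair.replace("+", " "))
        if SHELL_META_RE.search(decoded):
            hits.append(("query", decoded))
    return hits

def scan(lines):
    """Return (line_number, hits) for every flagged line, numbering from 1."""
    return [(n, h) for n, line in enumerate(lines, 1) if (h := suspicious_get(line))]

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG):
        print(f"line {n}: {hits}")
```

A hit is a triage signal, not proof of exploitation; correlate it with the process-spawn alerting described in the third bullet.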

CVSS provenance

Source   Version   Score   Severity   Vector
nvd      v3.1      10.0    CRITICAL   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvd      v2.0      10.0    CRITICAL   AV:N/AC:L/Au:N/C:C/I:C/A:C