CVE-2021-37181
published 2021-09-14

Priority: P2 66 · critical 10 · CVSS 3.1
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 1.83% (76.2th percentile)
A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions < V5.0 QU1), Desigo CC Compact V4.0 (All versions), Desigo CC Compact V4.1 (All versions), Desigo CC Compact V4.2 (All versions), Desigo CC Compact V5.0 (All versions < V5.0 QU1), Desigo CC V4.0 (All versions), Desigo CC V4.1 (All versions), Desigo CC V4.2 (All versions), Desigo CC V5.0 (All versions < V5.0 QU1). The application deserialises untrusted data without sufficient validation, which could result in arbitrary deserialization. This could allow an unauthenticated attacker to execute code on the affected system. The CCOM communication component used for Windows App / Click-Once and IE Web / XBAP client connectivity is affected by the vulnerability.

Affected

24 ranges (version range and fixed-in values were not extracted for any row)

Vendor | Product | Version range | Fixed in
siemens | cerberus_dms | |
siemens | cerberus_dms | |
siemens | cerberus_dms | |
siemens | cerberus_dms | |
siemens | cerberus_dms_v4.0 | |
siemens | cerberus_dms_v4.1 | |
siemens | cerberus_dms_v4.2 | |
siemens | cerberus_dms_v5.0 | |
siemens | desigo_cc | |
siemens | desigo_cc | |
siemens | desigo_cc | |
siemens | desigo_cc | |
siemens | desigo_cc_compact | |
siemens | desigo_cc_compact | |
siemens | desigo_cc_compact | |
siemens | desigo_cc_compact | |
siemens | desigo_cc_compact_v4.0 | |
siemens | desigo_cc_compact_v4.1 | |
siemens | desigo_cc_compact_v4.2 | |
siemens | desigo_cc_compact_v5.0 | |
siemens | desigo_cc_v4.0 | |
siemens | desigo_cc_v4.1 | |
siemens | desigo_cc_v4.2 | |
siemens | desigo_cc_v5.0 | |

Detection & IOCs (extracted from sources)

  • The CCOM communication component is the attack surface; block or monitor the CCOM port for unexpected inbound/outbound connections as an indicator of exploitation attempts.
  • Exploitation vector is unauthenticated remote deserialization via the CCOM component serving Windows App / Click-Once and IE Web / XBAP clients; monitor for anomalous process spawning from the CCOM service process as a post-exploitation indicator.
  • No authentication is required to trigger the vulnerability; any unauthenticated connection to the CCOM port delivering serialized data should be treated as suspicious.
  • No known public exploits exist for this CVE at time of advisory publication; the threat is theoretical but critical (CVSS 10.0).
  • The CCOM port number is not explicitly stated in the sources; defenders must identify the specific port in their Desigo CC / Cerberus DMS deployment configuration before writing port-based firewall or detection rules.
  • Products on v3.x or older will not receive patches; the only remediation path is an upgrade to v5.0 QU1 or newer.
  • Disabling the Web Application and Web Client from SMC eliminates the attack surface entirely, but also disables Windows App and IE XBAP Web Client functionality.

CVSS provenance

NVD, CVSS v3.1: 10.0 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
NVD, CVSS v2.0: 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P