CVE-2021-37181: Deserialization of Untrusted Data in Siemens Cerberus DMS V4.0

Severity: 10.0 CRITICAL (NVD)
EPSS: 1.1% (top 21.90%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 14
Latest update: May 24

Description

A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions < v5.0 QU1), Desigo CC Compact V4.0 (All versions), Desigo CC Compact V4.1 (All versions), Desigo CC Compact V4.2 (All versions), Desigo CC Compact V5.0 (All versions < V5.0 QU1), Desigo CC V4.0 (All versions), Desigo CC V4.1 (All versions), Desigo CC V4.2 (All versions), Desigo CC V5.0 (All versions < V5.0 QU1). The applicat

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 6.0

Affected Packages (15 packages)

NVD | siemens/desigo_cc_compact | 4 versions +3
CVEListV5 | siemens/desigo_cc_compact_v4.0 | All versions
CVEListV5 | siemens/desigo_cc_compact_v4.1 | All versions
CVEListV5 | siemens/desigo_cc_compact_v4.2 | All versions
CVEListV5 | siemens/desigo_cc_compact_v5.0 | All versions < V5.0 QU1

Patches

Vulnerability Details (2)

GHSA | GHSA-xxcg-h8cr-979m: A vulnerability has been identified in Cerberus DMS V4 | 2022-05-24
CVEList | CVE-2021-37181: A vulnerability has been identified in Cerberus DMS V4 | 2021-09-14