CVE-2021-37181
Published 2021-09-14
Priority P266 · critical · 10 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 1.83% (76.2th percentile)
A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions < v5.0 QU1), Desigo CC Compact V4.0 (All versions), Desigo CC Compact V4.1 (All versions), Desigo CC Compact V4.2 (All versions), Desigo CC Compact V5.0 (All versions < V5.0 QU1), Desigo CC V4.0 (All versions), Desigo CC V4.1 (All versions), Desigo CC V4.2 (All versions), Desigo CC V5.0 (All versions < V5.0 QU1). The application deserialises untrusted data without sufficient validation, which could result in arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system. The CCOM communication component used for Windows App / Click-Once and IE Web / XBAP client connectivity is affected by the vulnerability.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | cerberus_dms | — | — |
| siemens | cerberus_dms | — | — |
| siemens | cerberus_dms | — | — |
| siemens | cerberus_dms | — | — |
| siemens | cerberus_dms_v4.0 | — | — |
| siemens | cerberus_dms_v4.1 | — | — |
| siemens | cerberus_dms_v4.2 | — | — |
| siemens | cerberus_dms_v5.0 | — | — |
| siemens | desigo_cc | — | — |
| siemens | desigo_cc | — | — |
| siemens | desigo_cc | — | — |
| siemens | desigo_cc | — | — |
| siemens | desigo_cc_compact | — | — |
| siemens | desigo_cc_compact | — | — |
| siemens | desigo_cc_compact | — | — |
| siemens | desigo_cc_compact | — | — |
| siemens | desigo_cc_compact_v4.0 | — | — |
| siemens | desigo_cc_compact_v4.1 | — | — |
| siemens | desigo_cc_compact_v4.2 | — | — |
| siemens | desigo_cc_compact_v5.0 | — | — |
| siemens | desigo_cc_v4.0 | — | — |
| siemens | desigo_cc_v4.1 | — | — |
| siemens | desigo_cc_v4.2 | — | — |
| siemens | desigo_cc_v5.0 | — | — |
Detection & IOCs (extracted from sources)
- The CCOM communication component is the attack surface; block or monitor the CCOM port for unexpected inbound/outbound connections as an indicator of exploitation attempts.
- Exploitation vector is unauthenticated remote deserialization via the CCOM component serving Windows App / Click-Once and IE Web / XBAP clients; monitor for anomalous process spawning from the CCOM service process as a post-exploitation indicator.
- No authentication is required to trigger the vulnerability; any unauthenticated connection to the CCOM port delivering serialized data should be treated as suspicious.
- No known public exploits exist for this CVE at time of advisory publication; threat is theoretical but critical (CVSS 10.0).
- The CCOM port number is not explicitly stated in the sources; defenders must identify the specific port in their Desigo CC / Cerberus DMS deployment configuration before writing port-based firewall or detection rules.
- Products on v3.x or older will not receive patches; the only remediation path is upgrade to v5.0 QU1 or newer.
- Disabling the Web Application and Web Client from SMC eliminates the attack surface entirely but also disables Windows App and IE XBAP Web Client functionality.
CVSS provenance
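| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |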
GHSA
GHSA-xxcg-h8cr-979m: A vulnerability has been identified in Cerberus DMS V4
ghsa_unreviewed·2022-05-24
CVE-2021-37181 [CRITICAL] CWE-502 GHSA-xxcg-h8cr-979m: A vulnerability has been identified in Cerberus DMS V4
CISA ICS
Siemens Desigo CC Family
cisa_ics·2021-09-22·CVSS 10.0
[CRITICAL] Siemens Desigo CC Family
ICS Advisory
## Siemens Desigo CC Family
Last Revised: September 22, 2021
Alert Code: ICSA-21-257-17
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: Desigo CC Family
- Vulnerability: Deserialization of Untrusted Data
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to perform remote code execution.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following Siemens danger management station products are affected:
- Cerberus DMS v4.0: All versions
- Cerberus DMS v4.1
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.