CVE-2021-37181 Information

Description

A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions < v5.0 QU1), Desigo CC Compact V4.0 (All versions), Desigo CC Compact V4.1 (All versions), Desigo CC Compact V4.2 (All versions), Desigo CC Compact V5.0 (All versions < V5.0 QU1), Desigo CC V4.0 (All versions), Desigo CC V4.1 (All versions), Desigo CC V4.2 (All versions), and Desigo CC V5.0 (All versions < V5.0 QU1). The application deserialises untrusted data without sufficient validation, which could result in arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system. The CCOM communication component used for Windows App / Click-Once and IE Web / XBAP client connectivity is affected by the vulnerability.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-453715.pdf

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

10.0

Base Severity

CRITICAL
