cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-33139,https://securityvulnerability.io/vulnerability/CVE-2022-33139,Client-Side Authentication Vulnerability in Cerberus DMS and Desigo Products by Siemens,"A vulnerability has been discovered in various Siemens products, including Cerberus DMS and Desigo systems, which utilize client-side only authentication. When server-side authentication or Kerberos is not activated, attackers can potentially masquerade as legitimate users or manipulate the client-server communication protocol without proper authentication checks. This flaw emphasizes the critical importance of implementing robust authentication mechanisms in both default and non-default configurations of affected products to safeguard against unauthorized access and exploitation.",Siemens,"Cerberus Dms,Desigo Cc,Desigo Cc Compact,Simatic Wincc Oa V3.16,Simatic Wincc Oa V3.17,Simatic Wincc Oa V3.18",9.8,CRITICAL,0.0016700000269338489,false,,false,false,false,,,false,false,,2022-06-21T00:00:00.000Z,0
CVE-2021-37181,https://securityvulnerability.io/vulnerability/CVE-2021-37181,Arbitrary Deserialization Vulnerability in Cerberus DMS and Desigo CC Products,"A vulnerability in Cerberus DMS and Desigo CC products allows for arbitrary deserialization of untrusted data due to insufficient validation measures. This security flaw can be exploited by an unauthenticated attacker, potentially leading to code execution on the affected systems. Both CCOM communication components, responsible for facilitating Windows App / Click-Once and IE Web / XBAP client connectivity, are particularly vulnerable, emphasizing the need for prompt updates to mitigate potential exploits.",Siemens,"Cerberus Dms V4.0,Cerberus Dms V4.1,Cerberus Dms V4.2,Cerberus Dms V5.0,Desigo Cc Compact V4.0,Desigo Cc Compact V4.1,Desigo Cc Compact V4.2,Desigo Cc Compact V5.0,Desigo Cc V4.0,Desigo Cc V4.1,Desigo Cc V4.2,Desigo Cc V5.0",10,CRITICAL,0.0021800000686198473,false,,false,false,false,,,false,false,,2021-09-14T10:47:46.000Z,0
CVE-2021-31891,https://securityvulnerability.io/vulnerability/CVE-2021-31891,Command Injection Vulnerability in Siemens Desigo CC and Related Products,"A command injection vulnerability exists in multiple Siemens products that utilize the OIS Extension Module. This issue arises from the application's failure to properly neutralize special elements within specific HTTP GET requests. An unauthenticated remote attacker could exploit this flaw to execute arbitrary code with root privileges on the affected systems. It is crucial for users and administrators to implement measures to mitigate the risk associated with this vulnerability.",Siemens,"Desigo Cc,Gma-manager,Operation Scheduler,Siveillance Control,Siveillance Control Pro",10,CRITICAL,0.0029700000304728746,false,,false,false,false,,,false,false,,2021-09-14T10:47:31.000Z,0
CVE-2020-10055,https://securityvulnerability.io/vulnerability/CVE-2020-10055,Remote Code Execution Vulnerability in Siemens Desigo CC and Compact,"A vulnerability has been found in Siemens Desigo CC and Compact systems, where an unauthenticated attacker could exploit the Advanced Reporting Engine through a third-party component (BIRT). If enabled, this could lead to the execution of arbitrary commands with SYSTEM privileges on the server, posing significant risks to overall system integrity and security.",Siemens,"Desigo Cc,Desigo Cc Compact",9.8,CRITICAL,0.11947999894618988,false,,false,false,false,,,false,false,,2020-08-14T15:24:06.000Z,0