cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-33139,https://securityvulnerability.io/vulnerability/CVE-2022-33139,Client-Side Authentication Vulnerability in Cerberus DMS and Desigo Products by Siemens,"A vulnerability has been discovered in various Siemens products, including Cerberus DMS and Desigo systems, which utilize client-side only authentication. When server-side authentication or Kerberos is not activated, attackers can potentially masquerade as legitimate users or manipulate the client-server communication protocol without proper authentication checks. This flaw emphasizes the critical importance of implementing robust authentication mechanisms in both default and non-default configurations of affected products to safeguard against unauthorized access and exploitation.",Siemens,"Cerberus Dms,Desigo Cc,Desigo Cc Compact,Simatic Wincc Oa V3.16,Simatic Wincc Oa V3.17,Simatic Wincc Oa V3.18",9.8,CRITICAL,0.0016700000269338489,false,,false,false,false,,false,false,2022-06-21T00:00:00.000Z,0
CVE-2021-37181,https://securityvulnerability.io/vulnerability/CVE-2021-37181,,"A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions < v5.0 QU1), Desigo CC Compact V4.0 (All versions), Desigo CC Compact V4.1 (All versions), Desigo CC Compact V4.2 (All versions), Desigo CC Compact V5.0 (All versions < V5.0 QU1), Desigo CC V4.0 (All versions), Desigo CC V4.1 (All versions), Desigo CC V4.2 (All versions), Desigo CC V5.0 (All versions < V5.0 QU1). The application deserialises untrusted data without sufficient validations, that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system. The CCOM communication component used for Windows App / Click-Once and IE Web / XBAP client connectivity are affected by the vulnerability.",Siemens,"Cerberus Dms V4.0,Cerberus Dms V4.1,Cerberus Dms V4.2,Cerberus Dms V5.0,Desigo Cc Compact V4.0,Desigo Cc Compact V4.1,Desigo Cc Compact V4.2,Desigo Cc Compact V5.0,Desigo Cc V4.0,Desigo Cc V4.1,Desigo Cc V4.2,Desigo Cc V5.0",10,CRITICAL,0.0030900000128895044,false,,false,false,false,,false,false,2021-09-14T10:47:46.000Z,0
CVE-2020-10055,https://securityvulnerability.io/vulnerability/CVE-2020-10055,,"A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3.x), Desigo CC Compact (V4.x), Desigo CC Compact (V3.x). Affected applications are delivered with a 3rd party component (BIRT) that contains a remote code execution vulnerability if the Advanced Reporting Engine is enabled. The vulnerability could allow a remote unauthenticated attacker to execute arbitrary commands on the server with SYSTEM privileges.",Siemens,"Desigo Cc,Desigo Cc Compact",9.8,CRITICAL,0.11947999894618988,false,,false,false,false,,false,false,2020-08-14T15:24:06.000Z,0