Vulnerability Description
A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions < V5.0 QU1), Desigo CC Compact V4.0 (All versions), Desigo CC Compact V4.1 (All versions), Desigo CC Compact V4.2 (All versions), Desigo CC Compact V5.0 (All versions < V5.0 QU1), Desigo CC V4.0 (All versions), Desigo CC V4.1 (All versions), Desigo CC V4.2 (All versions), Desigo CC V5.0 (All versions < V5.0 QU1). The application deserialises untrusted data without sufficient validation, which could result in arbitrary deserialisation. This could allow an unauthenticated attacker to execute code on the affected system. The CCOM communication component, used for Windows App / Click-Once and IE Web / XBAP client connectivity, is affected by the vulnerability.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Cerberus DMS | 4.0 |
| Siemens | Desigo CC | 4.0 |
| Siemens | Desigo CC Compact | 4.0 |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-453715.pdf (Patch, Vendor Advisory)
FAQ
What is CVE-2021-37181?
CVE-2021-37181 is a vulnerability with a CVSS score of 10.0 (CRITICAL). A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions < v5.0 QU1), Desigo CC Comp...
How severe is CVE-2021-37181?
CVE-2021-37181 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-37181?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Cerberus DMS, Siemens Desigo CC, Siemens Desigo CC Compact.