Siemens Siveillance OIS Operating System Command Injection Vulnerability

Siemens Desigo CC is an open building management platform from Siemens, Germany.GMA Manager allows the functional combination of different safety and security systems, such as fire detection systems and video surveillance, on a common platform.Operation Scheduler is a tool that enables security operators to intelligently perform daily tasks. Siveillance Control is a physical security information management system (PSIM) Siveillance Control Pro is a command and control solution Siveillance Open Interface Services (OIS) is an interface and integration platform It is used to integrate subsystems into management stations. Siemens Siveillance OIS is vulnerable to an operating system command injection vulnerability, which is caused by an affected application incorrectly neutralizing a specific element in a specific HTTP GET request, which can be exploited by an unauthenticated remote attacker to execute arbitrary code on the system with root privileges.