A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges.
[
{
"product": "Desigo CC",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions with OIS Extension Module"
}
]
},
{
"product": "GMA-Manager",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions with OIS running on Debian 9 or earlier"
}
]
},
{
"product": "Operation Scheduler",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions with OIS running on Debian 9 or earlier"
}
]
},
{
"product": "Siveillance Control",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions with OIS running on Debian 9 or earlier"
}
]
},
{
"product": "Siveillance Control Pro",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
]