Siemens Desigo CC Product Family and SENTRON Powermanager

SUMMARY Versions V6.0 through V8 QU1 of the Desigo CC product family Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS, as well as the Desigo CC-based SENTRON Powermanager, are affected by a vulnerability in the underlying third-party component WIBU Systems CodeMeter Runtime...

CVE-2022-33139

A vulnerability has been identified in Cerberus DMS All versions, Desigo CC All versions, Desigo CC Compact All versions, SIMATIC WinCC OA V3.16 All versions in default configuration, SIMATIC WinCC OA V3.17 All versions in non-default configuration, SIMATIC WinCC OA V3.18 All versions in...

EUVD-2021-18766

Malware in sbrugna...

EUVD-2020-2520

Malware in sbrugna...

EUVD-2021-23755

Malware in sbrugna...

EUVD-2024-21268

Malicious code in bioql PyPI...

Siemens Desigo CC Product Family and SENTRON Powermanager

SUMMARY Versions V5.0 through V8 of the Desigo CC product family Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS, as well as the Desigo CC-based SENTRON Powermanager, are affected by a vulnerability in the underlying third-party component WIBU Systems CodeMeter Runtime. Successful...

The vulnerability of the Desigo CC software platform lies in the lack of authentication for critical functions, allowing attackers to execute arbitrary code by sending specially crafted network requests.

The vulnerability of the Desigo CC software platform is related to the absence of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted network requests...

CVE-2021-37181

A vulnerability has been identified in Cerberus DMS V4.0 All versions, Cerberus DMS V4.1 All versions, Cerberus DMS V4.2 All versions, Cerberus DMS V5.0 All versions v5.0 QU1, Desigo CC Compact V4.0 All versions, Desigo CC Compact V4.1 All versions, Desigo CC Compact V4.2 All versions, Desigo CC...

CVE-2020-10055

A vulnerability has been identified in Desigo CC V4.x, Desigo CC V3.x, Desigo CC Compact V4.x, Desigo CC Compact V3.x. Affected applications are delivered with a 3rd party component BIRT that contains a remote code execution vulnerability if the Advanced Reporting Engine is enabled. The...

CVE-2024-23815

A vulnerability has been identified in Desigo CC All versions if access from Installed Clients to Desigo CC server is allowed from networks outside of a highly protected zone, Desigo CC All versions if access from Installed Clients to Desigo CC server is only allowed within highly protected zones...

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in various products such as Apogee, BacNet ATEC, Desigo CC, Intralog, OZW, Polarion, RUGGEDCOM, SICAM, SIMATIC, SIPROTEC, SIRIUS, Teamcenter and Versicharge The vulnerabilities potentially enable a malicious person to launch attacks that could result in the...

CVE-2024-23815

A vulnerability has been identified in Desigo CC All versions if access from Installed Clients to Desigo CC server is allowed from networks outside of a highly protected zone, Desigo CC All versions if access from Installed Clients to Desigo CC server is only allowed within highly protected zones...

CVE-2024-23815

The CVE-2024-23815 entry concerns Siemens Desigo CC. Affected: Desigo CC server (all versions) where Installed Clients can reach the server from networks outside a highly protected zone, or only within highly protected zones. Issue: the server fails to authenticate certain client requests, allowi...

CVE-2024-23815

A vulnerability has been identified in Desigo CC All versions if access from Installed Clients to Desigo CC server is allowed from networks outside of a highly protected zone, Desigo CC All versions if access from Installed Clients to Desigo CC server is only allowed within highly protected zones...

CVE-2024-23815

A vulnerability has been identified in Desigo CC All versions if access from Installed Clients to Desigo CC server is allowed from networks outside of a highly protected zone, Desigo CC All versions if access from Installed Clients to Desigo CC server is only allowed within highly protected zones...

PT-2025-20843 · Siemens · Desigo Cc

Name of the Vulnerable Software and Affected Versions: Desigo CC All versions if access from Installed Clients to Desigo CC server is allowed from networks outside of a highly protected zone Desigo CC All versions if access from Installed Clients to Desigo CC server is only allowed within highly...

Siemens Desigo

SUMMARY Desigo CC deployments that use Installed Client are impacted by an information disclosure vulnerability which could result in information leak from the Desigo CC server. The other Desigo CC client options, Windows App Client and Flex Client, are not affected by this vulnerability...

Siemens Desigo CC 访问控制错误漏洞

Siemens Desigo CC is an open building management platform from Siemens, Germany, used to produce comfortable, safe and efficient facilities. An access control error vulnerability exists in Siemens Desigo CC, which stems from the server application not validating a specific client request, which...

Siemens Desigo CC product family

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...