{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T22:39:24.430","vulnerabilities":[{"cve":{"id":"CVE-2021-31891","sourceIdentifier":"productcert@siemens.com","published":"2021-09-14T11:15:24.023","lastModified":"2024-11-21T06:06:26.703","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges."},{"lang":"es","value":"Se ha identificado una vulnerabilidad en Desigo CC (Todas las versiones con módulo de extensión OIS), GMA-Manager (Todas las versiones con OIS que se ejecutan en Debian 9 o anterior), Operation Scheduler (Todas las versiones con OIS que se ejecutan en Debian 9 o anterior), Siveillance Control (Todas las versiones con OIS que se ejecutan en Debian 9 o anterior), Siveillance Control Pro (Todas las versiones). La aplicación afectada neutraliza incorrectamente elementos especiales en una petición HTTP GET específica que podría conllevar a una inyección de comandos. Un atacante remoto no autenticado podría aprovechar esta vulnerabilidad para ejecutar código arbitrario en el sistema con privilegios de root"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"productcert@siemens.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:desigo_cc:*:*:*:*:*:*:*:*","matchCriteriaId":"90D75ECA-E171-42BD-A475-A1DD4B9BE013"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:siveillance_control_pro:*:*:*:*:*:*:*:*","matchCriteriaId":"6D1D6B61-1F17-4008-9DFB-EF419777768E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:gma-manager:*:*:*:*:*:*:*:*","matchCriteriaId":"E2504273-D83D-462E-A8CF-09107517D75D"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*","matchCriteriaId":"DFB86317-9626-454A-89D3-2B96FDF84CC3"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:siveillance_control:*:*:*:*:*:*:*:*","matchCriteriaId":"F5A18694-B44A-424A-8811-0D0E4FD729A8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*","versionEndIncluding":"9.0","matchCriteriaId":"B79BD779-60A5-43A8-9229-07C11A3167AA"}]}]}],"references":[{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf","source":"productcert@siemens.com","tags":["Patch","Vendor Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}