SSA-535380
Vulnerability from csaf_siemens - Published: 2021-09-14 00:00 - Updated: 2021-09-14 00:00Summary
SSA-535380: Command Injection Vulnerability in Siveillance OIS Affecting Several Building Management Systems
Notes
Summary
The Siveillance Open Interface Services (OIS) application used for integration of different subsystems to several Siemens building management systems contains a command injection vulnerability that could allow a remote unauthenticated attacker to execute code on the affected system with root privileges.
Siemens has released patches and updates for Siveillance OIS to apply to the products that incorporate the OIS service, and recommends to update to the latest versions.
General Recommendations
As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
{
"document": {
"category": "Siemens Security Advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited.",
"tlp": {
"label": "WHITE"
}
},
"notes": [
{
"category": "summary",
"text": "The Siveillance Open Interface Services (OIS) application used for integration of different subsystems to several Siemens building management systems contains a command injection vulnerability that could allow a remote unauthenticated attacker to execute code on the affected system with root privileges.\n\nSiemens has released patches and updates for Siveillance OIS to apply to the products that incorporate the OIS service, and recommends to update to the latest versions.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-535380: Command Injection Vulnerability in Siveillance OIS Affecting Several Building Management Systems - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf"
},
{
"category": "self",
"summary": "SSA-535380: Command Injection Vulnerability in Siveillance OIS Affecting Several Building Management Systems - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-535380.txt"
},
{
"category": "self",
"summary": "SSA-535380: Command Injection Vulnerability in Siveillance OIS Affecting Several Building Management Systems - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-535380.json"
}
],
"title": "SSA-535380: Command Injection Vulnerability in Siveillance OIS Affecting Several Building Management Systems",
"tracking": {
"current_release_date": "2021-09-14T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-535380",
"initial_release_date": "2021-09-14T00:00:00Z",
"revision_history": [
{
"date": "2021-09-14T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "All versions with OIS Extension Module",
"product": {
"name": "Desigo CC",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "Desigo CC"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions with OIS running on Debian 9 or earlier",
"product": {
"name": "GMA-Manager",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "GMA-Manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions with OIS running on Debian 9 or earlier",
"product": {
"name": "Operation Scheduler",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "Operation Scheduler"
},
{
"branches": [
{
"category": "product_version_range",
"name": "All versions with OIS running on Debian 9 or earlier",
"product": {
"name": "Siveillance Control",
"product_id": "4"
}
}
],
"category": "product_name",
"name": "Siveillance Control"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Siveillance Control Pro",
"product_id": "5"
}
}
],
"category": "product_name",
"name": "Siveillance Control Pro"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31891",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection.\n\nAn unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"references": [
{
"summary": "CVE-2021-31891 - Desigo CC",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109799908/"
},
{
"summary": "CVE-2021-31891 - GMA-Manager",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109799908/"
},
{
"summary": "CVE-2021-31891 - Operation Scheduler",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109799908/"
},
{
"summary": "CVE-2021-31891 - Siveillance Control",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109799908/"
},
{
"summary": "CVE-2021-31891 - Siveillance Control Pro",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109799908/"
},
{
"summary": "CVE-2021-31891 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31891.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update the OIS to V2.5.3 or apply the patch",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109799908/"
},
{
"category": "vendor_fix",
"details": "Update the OIS to V2.5.3 or V2.6.1, or apply the patch",
"product_ids": [
"4"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109799908/"
},
{
"category": "vendor_fix",
"details": "Update the OIS to V2.5.3 or V2.6.0, or apply the patch",
"product_ids": [
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109799908/"
},
{
"category": "mitigation",
"details": "Ensure that the systems where Siveillance OIS is installed are only accessible by trusted personnel",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "mitigation",
"details": "Restrict access to the affected systems, especially to port 443/tcp, to trusted IP addresses only",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2021-31891"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…