CVE-2021-37181
First published: Tue Sep 14 2021(Updated: )
A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions < v5.0 QU1), Desigo CC Compact V4.0 (All versions), Desigo CC Compact V4.1 (All versions), Desigo CC Compact V4.2 (All versions), Desigo CC Compact V5.0 (All versions < V5.0 QU1), Desigo CC V4.0 (All versions), Desigo CC V4.1 (All versions), Desigo CC V4.2 (All versions), Desigo CC V5.0 (All versions < V5.0 QU1). The application deserialises untrusted data without sufficient validations, that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system. The CCOM communication component used for Windows App / Click-Once and IE Web / XBAP client connectivity are affected by the vulnerability.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Cerberus Dms | =4.0 | |
| Siemens Cerberus Dms | =4.1 | |
| Siemens Cerberus Dms | =4.2 | |
| Siemens Cerberus Dms | =5.0 | |
| Siemens Desigo Cc | =4.0 | |
| Siemens Desigo Cc | =4.1 | |
| Siemens Desigo Cc | =4.2 | |
| Siemens Desigo Cc | =5.0 | |
| Siemens Desigo Cc Compact | =4.0 | |
| Siemens Desigo Cc Compact | =4.1 | |
| Siemens Desigo Cc Compact | =4.2 | |
| Siemens Desigo Cc Compact | =5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-37181?
CVE-2021-37181 is a vulnerability identified in Cerberus DMS V4.0 (All versions) and Cerberus DMS V4.1 (All versions), among others.
What software versions are affected by CVE-2021-37181?
CVE-2021-37181 affects Cerberus DMS V4.0, Cerberus DMS V4.1, Cerberus DMS V4.2, Cerberus DMS V5.0 (versions below v5.0 QU1), Desigo CC Compact V4.0, Desigo CC Compact V4.1, Desigo CC Compact V4.2, and Desigo CC Compact V5.0.
How severe is CVE-2021-37181?
CVE-2021-37181 has a severity rating of critical.
What is the Common Weakness Enumeration (CWE) for CVE-2021-37181?
The CWE for CVE-2021-37181 is CWE-502.
Where can I find more information about CVE-2021-37181?
You can find more information about CVE-2021-37181 at the following reference: [https://cert-portal.siemens.com/productcert/pdf/ssa-453715.pdf](https://cert-portal.siemens.com/productcert/pdf/ssa-453715.pdf)
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/references
- agent/author
- agent/first-publish-date
- agent/tags
- agent/description
- agent/event
- agent/softwarecombine
- vendor/siemens
- canonical/siemens cerberus dms
- version/siemens cerberus dms/4.0
- version/siemens cerberus dms/4.1
- version/siemens cerberus dms/4.2
- version/siemens cerberus dms/5.0
- canonical/siemens desigo cc
- version/siemens desigo cc/4.0
- version/siemens desigo cc/4.1
- version/siemens desigo cc/4.2
- version/siemens desigo cc/5.0
- canonical/siemens desigo cc compact
- version/siemens desigo cc compact/4.0
- version/siemens desigo cc compact/4.1
- version/siemens desigo cc compact/4.2
- version/siemens desigo cc compact/5.0