N/A

A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions < v5.0 QU1), Desigo CC Compact V4.0 (All versions), Desigo CC Compact V4.1 (All versions), Desigo CC Compact V4.2 (All versions), Desigo CC Compact V5.0 (All versions < V5.0 QU1), Desigo CC V4.0 (All versions), Desigo CC V4.1 (All versions), Desigo CC V4.2 (All versions), Desigo CC V5.0 (All versions < V5.0 QU1). The application deserialises untrusted data without sufficient validations, that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system. The CCOM communication component used for Windows App / Click-Once and IE Web / XBAP client connectivity are affected by the vulnerability.

N/A

可信数据的反序列化

多款 Siemens 产品代码问题漏洞

Siemens Desigo CC和Cerberus DMS都是德国西门子（Siemens）公司的产品。Siemens Desigo CC是一款开放式楼宇管理平台,用于产生舒适、安全和高效的设施。Cerberus DMS是一个可定制的危险管理站，使建筑保护更智能、更轻松、更高效。 多款 Siemens 产品存在代码问题漏洞，该漏洞源于未对序列化数据做有效验证。攻击者可通过该漏洞导致任意代码执行。以下产品及版本受到影响: Cerberus DMS V4.0、Cerberus DMS V4.1 、Cerber

N/A

N/A