Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability has been identified in Desigo CC (All versions if access from Installed Clients to Desigo CC server is allowed from networks outside of a highly protected zone), Desigo CC (All versions if access from Installed Clients to Desigo CC server is only allowed within highly protected zones). The affected server application fails to authenticate specific client requests. Modification of the client binary could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database via the event port (default: 4998/tcp)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
Siemens Desigo CC 访问控制错误漏洞
Vulnerability Description
Siemens Desigo CC是德国西门子(Siemens)公司的一款开放式楼宇管理平台,用于产生舒适、安全和高效的设施。 Siemens Desigo CC存在访问控制错误漏洞,该漏洞源于服务器应用未验证特定客户端请求,可能导致未经验证的远程攻击者执行任意SQL查询。
CVSS Information
N/A
Vulnerability Type
N/A