CVE-2020-10055

Summary

A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3.x), Desigo CC Compact (V4.x), Desigo CC Compact (V3.x). Affected applications are delivered with a 3rd party component (BIRT) that contains a remote code execution vulnerability if the Advanced Reporting Engine is enabled. The vulnerability could allow a remote unauthenticated attacker to execute arbitrary commands on the server with SYSTEM privileges.

Affected Software

VendorProductVersion RangeStatus
Siemens AGDesigo CCV4.xaffected
Siemens AGDesigo CCV3.xaffected
Siemens AGDesigo CC CompactV4.xaffected
Siemens AGDesigo CC CompactV3.xaffected

Weaknesses

  • CWE-94: CWE-94: Improper Control of Generation of Code ('Code Injection')

ADP Enrichment

CVE Program Container

Additional References

References