CVE-2020-10055
CRITICALSiemens Desigo CC and Desigo CC Compact - Remote Code Execution via BIRT Advanced Reporting Engine
Title source: llmDescription
A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3.x), Desigo CC Compact (V4.x), Desigo CC Compact (V3.x). Affected applications are delivered with a 3rd party component (BIRT) that contains a remote code execution vulnerability if the Advanced Reporting Engine is enabled. The vulnerability could allow a remote unauthenticated attacker to execute arbitrary commands on the server with SYSTEM privileges.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-786743.pdf
Patch, Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsa-20-224-06
Scores
CVSS v3
9.8
EPSS
0.0270
EPSS Percentile
86.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (4)
siemens/desigo_consumption_control
3.0
siemens/desigo_consumption_control
4.0
siemens/desigo_consumption_control_compact
3.0
siemens/desigo_consumption_control_compact
4.0
Published
Aug 14, 2020
Tracked Since
Feb 18, 2026