PT-2021-19566 · Siemens · Desigo CC

Published: 2021-09-14 · Updated: 2021-09-28 · CVE-2021-31891

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
- Desigo CC versions with OIS Extension Module
- GMA-Manager versions with OIS running on Debian 9 or earlier
- Operation Scheduler versions with OIS running on Debian 9 or earlier
- Siveillance Control versions with OIS running on Debian 9 or earlier
- Siveillance Control Pro versions
Description: A vulnerability has been identified in the affected applications, where they incorrectly neutralize special elements in a specific HTTP GET request, which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges.
Recommendations:
- Desigo CC with OIS Extension Module: consider disabling the OIS Extension Module until a patch is available.
- GMA-Manager with OIS running on Debian 9 or earlier: restrict access to the OIS module to minimize the risk of exploitation.
- Operation Scheduler with OIS running on Debian 9 or earlier: avoid using the vulnerable HTTP GET request in the affected application until the issue is resolved.
- Siveillance Control with OIS running on Debian 9 or earlier: consider temporarily disabling the OIS module to prevent exploitation.
- Siveillance Control Pro: restrict access to the vulnerable component to minimize the risk of exploitation.

Weakness Enumeration

OS Command Injection

Related Identifiers

CVE-2021-31891

Affected Products

Debian
Desigo CC
GMA-Manager
Operation Scheduler
Siveillance Control