ID

VAR-202508-2172


TITLE

SIEMENS Desigo CC family and SENTRON Powermanager privilege escalation vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-19353

DESCRIPTION

The Desigo CC product family includes Desigo CC (an integrated building management platform for managing high-performance buildings), Desigo CC Compact (a solution tailored for small and medium-sized buildings), Desigo CC Connect (a software gateway based on the Desigo CC platform), and Cerberus DMS (a hazard management station that helps users manage fire safety and security incidents). SENTRON Powermanager power monitoring software analyzes energy consumption by displaying key characteristics of individual devices and the entire system in an easy-to-understand dashboard. A privilege escalation vulnerability exists in the SIEMENS Desigo CC family and SENTRON Powermanager, which could be exploited by an attacker to escalate privileges.

Trust: 0.6

sources: CNVD: CNVD-2025-19353

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-19353

AFFECTED PRODUCTS

vendor: siemens
model: desigo cc family all
scope: eq
version: v5.0

Trust: 0.6

vendor: siemens
model: desigo cc family all
scope: eq
version: v5.1

Trust: 0.6

vendor: siemens
model: desigo cc family all
scope: eq
version: v6

Trust: 0.6

vendor: siemens
model: desigo cc family all
scope: eq
version: v7

Trust: 0.6

vendor: siemens
model: desigo cc family all
scope: eq
version: v8

Trust: 0.6

vendor: siemens
model: sentron powermanager all
scope: eq
version: v5

Trust: 0.6

vendor: siemens
model: sentron powermanager all
scope: eq
version: v6

Trust: 0.6

vendor: siemens
model: sentron powermanager all
scope: eq
version: v7

Trust: 0.6

vendor: siemens
model: sentron powermanager all
scope: eq
version: v8

Trust: 0.6

sources: CNVD: CNVD-2025-19353

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2025-19353
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-19353
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2025-19353

PATCH

title: Patch for SIEMENS Desigo CC family and SENTRON Powermanager privilege escalation vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/723026

Trust: 0.6

sources: CNVD: CNVD-2025-19353

EXTERNAL IDS

db: SIEMENS
id: SSA-201595

Trust: 0.6

db: CNVD
id: CNVD-2025-19353

Trust: 0.6

sources: CNVD: CNVD-2025-19353

REFERENCES

url: https://cert-portal.siemens.com/productcert/html/ssa-201595.html

Trust: 0.6

sources: CNVD: CNVD-2025-19353

SOURCES

db: CNVD
id: CNVD-2025-19353

LAST UPDATE DATE

2025-08-26T23:32:58.952000+00:00


SOURCES UPDATE DATE

db: CNVD
id: CNVD-2025-19353
date: 2025-08-22T00:00:00

SOURCES RELEASE DATE

db: CNVD
id: CNVD-2025-19353
date: 2025-08-14T00:00:00