CVE-2020-10055

9.8 CRITICAL

📋 TL;DR

This vulnerability allows remote unauthenticated attackers to execute arbitrary commands with SYSTEM privileges on Desigo CC building automation systems. It affects Desigo CC and Desigo CC Compact versions 3.x and 4.x when the Advanced Reporting Engine is enabled. The vulnerability exists in the BIRT third-party component.

💻 Affected Systems

Products:
  • Desigo CC
  • Desigo CC Compact
Versions: V3.x and V4.x
Operating Systems: Windows-based systems running Desigo CC
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when Advanced Reporting Engine is enabled. Systems without this feature enabled are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with attacker gaining SYSTEM privileges, enabling data theft, ransomware deployment, or disruption of building automation systems.

🟠 Likely Case: Remote code execution leading to data exfiltration, installation of backdoors, or lateral movement within the network.

🟢 If Mitigated: Limited impact if systems are isolated, patched, or have the Advanced Reporting Engine disabled.

🌐 Internet-Facing: HIGH - Remote unauthenticated exploitation makes internet-facing systems extremely vulnerable.
🏢 Internal Only: HIGH - Even internal systems are vulnerable to network-based attacks from compromised internal hosts.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

CVSS 9.8 indicates critical severity with low attack complexity. While no public PoC is confirmed, the high score suggests weaponization is likely.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to latest version as specified in Siemens advisories

Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-786743.pdf

Restart Required: Yes

Instructions:

1. Review Siemens advisory SSA-786743.
2. Apply vendor-provided updates.
3. Restart affected systems.
4. Verify patch installation.

🔧 Temporary Workarounds

Disable Advanced Reporting Engine (Platform: Windows)

  • Disable the vulnerable BIRT Advanced Reporting Engine component.
  • Configure via the Desigo CC management interface to disable the Advanced Reporting Engine.

Network Segmentation (Platform: all)

  • Isolate Desigo CC systems from untrusted networks.
  • Configure firewall rules to restrict access to Desigo CC ports.

🧯 If You Can't Patch

  • Implement strict network segmentation and access controls
  • Disable Advanced Reporting Engine if not required
  • Monitor for suspicious activity and implement application whitelisting

🔍 How to Verify

Check if Vulnerable:

Check Desigo CC version and verify if Advanced Reporting Engine is enabled in system configuration

Check Version:

Check version through Desigo CC management interface or system properties

Verify Fix Applied:

Verify that the system is updated to the patched version, and check the Advanced Reporting Engine status.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process execution, unexpected network connections from Desigo CC systems
  • Authentication bypass attempts or unusual reporting engine activity

Network Indicators:

  • Suspicious inbound traffic to Desigo CC reporting ports
  • Outbound connections from Desigo CC to unexpected destinations

SIEM Query:

source="Desigo CC" AND (event_type="process_execution" OR event_type="network_connection") AND severity=high
