Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Sinec_nms
(Siemens)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 22 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-10-12 | CVE-2021-33722 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system has a Path Traversal vulnerability when exporting a firmware container. With this a privileged authenticated attacker could create arbitrary files on an affected system. | Sinec_nms | 4.9 | ||
| 2021-10-12 | CVE-2021-33724 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system contains an Arbitrary File Deletion vulnerability that possibly allows to delete an arbitrary file or directory under a user controlled path. | Sinec_nms | 9.1 | ||
| 2021-10-12 | CVE-2021-33726 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to download arbitrary files under a user controlled path and does not correctly check if the relative path is still within the intended target directory. | Sinec_nms | 7.5 | ||
| 2021-10-12 | CVE-2021-33725 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to delete arbitrary files or directories under a user controlled path and does not correctly check if the relative path is still within the intended target directory. | Sinec_nms | 9.1 | ||
| 2021-10-12 | CVE-2021-33727 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could download the user profile of any user. With this, the attacker could leak confidential information of any user in the affected system. | Sinec_nms | 6.5 | ||
| 2021-10-12 | CVE-2021-33728 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary code on the device with root privileges. | Sinec_nms | 7.2 | ||
| 2021-10-12 | CVE-2021-33729 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker that is able to import firmware containers to an affected system could execute arbitrary commands in the local database. | Sinec_nms | 8.8 | ||
| 2021-10-12 | CVE-2021-33730 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | Sinec_nms | 7.2 | ||
| 2021-10-12 | CVE-2021-33731 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | Sinec_nms | 7.2 | ||
| 2021-10-12 | CVE-2021-33732 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. | Sinec_nms | 7.2 |