CVE-2022-25311

EPSS 0.19%
Published 08.03.2022 12:15:11
Last modified 21.11.2024 06:51:58
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software do not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Sinec Network Management System Version < 1.0.3

Siemens ≫ Sinema Server Version14.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.19%	0.379

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
productcert@siemens.com	7.3	1.3	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://cert-portal.siemens.com/productcert/pdf/ssa-250085.pdf

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2022-25311

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-25311

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-25311

EUVD