Siemens

Sinema Server

17 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9

CVE-2023-35796

  • EPSS 0.23%
  • Veröffentlicht 10.10.2023 11:15:11
  • Zuletzt bearbeitet 21.11.2024 08:08:43

A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a sto...

6.5

CVE-2022-25311

  • EPSS 0.19%
  • Veröffentlicht 08.03.2022 12:15:11
  • Zuletzt bearbeitet 21.11.2024 06:51:58

A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software do not properly check privileges between users during the same web browser se...

9

CVE-2021-40438

Warnung
  • EPSS 94.43%
  • Veröffentlicht 16.09.2021 15:15:07
  • Zuletzt bearbeitet 16.05.2025 15:27:13

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

9.8

CVE-2021-39275

  • EPSS 46.97%
  • Veröffentlicht 16.09.2021 15:15:07
  • Zuletzt bearbeitet 01.05.2025 15:39:40

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.

7.5

CVE-2021-34798

  • EPSS 11.69%
  • Veröffentlicht 16.09.2021 15:15:07
  • Zuletzt bearbeitet 21.11.2024 06:11:13

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

5.3

CVE-2019-10941

  • EPSS 0.18%
  • Veröffentlicht 14.09.2021 11:15:07
  • Zuletzt bearbeitet 21.11.2024 04:20:12

A vulnerability has been identified in SINEMA Server (All versions < V14 SP3). Missing authentication for functionality that requires administrative user identity could allow an attacker to obtain encoded system configuration backup files. This is on...

5.9

CVE-2021-3449

  • EPSS 13.18%
  • Veröffentlicht 25.03.2021 15:15:13
  • Zuletzt bearbeitet 21.11.2024 06:21:33

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but incl...

8.1

CVE-2020-25237

  • EPSS 1.42%
  • Veröffentlicht 09.02.2021 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:17:43

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1 Update 1), SINEMA Server (All versions < V14.0 SP2 Update 2). When uploading files to an affected system using a zip container, the system does not correctly check if the relat...

7.2

CVE-2020-7580

  • EPSS 0.05%
  • Veröffentlicht 10.06.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:37:24

A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3),...

9.9

CVE-2019-10940

  • EPSS 0.18%
  • Veröffentlicht 16.01.2020 16:15:15
  • Zuletzt bearbeitet 21.11.2024 04:20:11

A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations ...