CVE-2022-22965
- EPSS 94.44%
- Published 01.04.2022 23:15:13
- Last modified 10.04.2025 16:56:46
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Sp...
CVE-2022-24281
- EPSS 0.72%
- Published 08.03.2022 12:15:11
- Last modified 21.11.2024 06:50:05
A vulnerability has been identified in SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webser...
CVE-2022-24282
- EPSS 2.77%
- Published 08.03.2022 12:15:11
- Last modified 21.11.2024 06:50:05
A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected system allows uploading JSON objects that are deserialized to Java objects. Due to ins...
CVE-2022-25311
- EPSS 0.19%
- Published 08.03.2022 12:15:11
- Last modified 21.11.2024 06:51:58
A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software does not properly check privileges between users during the same web browser se...
CVE-2021-37200
- EPSS 2.26%
- Published 14.09.2021 11:15:26
- Last modified 21.11.2024 06:14:50
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). An attacker with access to the webserver of an affected system could download arbitrary files from the underlying filesystem by sending a specially crafted HTTP request.
CVE-2021-37201
- EPSS 0.14%
- Published 14.09.2021 11:15:26
- Last modified 21.11.2024 06:14:50
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). The web interface of affected devices is vulnerable to a Cross-Site Request Forgery (CSRF) attack. This could allow an attacker to manipulate the SINEC NMS configuration by t...
- EPSS 5.09%
- Published 10.08.2021 11:15:09
- Last modified 21.11.2024 06:09:26
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2). The affected application incorrectly neutralizes special elements when creating batch operations which could lead to command injection. An authenticated remote attacker with ...
CVE-2020-25237
- EPSS 1.42%
- Published 09.02.2021 17:15:13
- Last modified 21.11.2024 05:17:43
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1 Update 1), SINEMA Server (All versions < V14.0 SP2 Update 2). When uploading files to an affected system using a zip container, the system does not correctly check if the relat...
CVE-2020-7580
- EPSS 0.05%
- Published 10.06.2020 17:15:12
- Last modified 21.11.2024 05:37:24
A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3),...