Siemens

Sinec Nms

44 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2024-23812

  • EPSS 0.71%
  • Veröffentlicht 13.02.2024 09:15:49
  • Zuletzt bearbeitet 21.11.2024 08:58:28

A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application incorrectly neutralizes special elements when creating a report which could lead to command injection.

8.8

CVE-2024-23811

  • EPSS 1.55%
  • Veröffentlicht 13.02.2024 09:15:49
  • Zuletzt bearbeitet 21.11.2024 08:58:28

A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files, that could potentia...

5.4

CVE-2023-44315

  • EPSS 0.47%
  • Veröffentlicht 10.10.2023 11:15:12
  • Zuletzt bearbeitet 21.11.2024 08:25:39

A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could prepare a stor...

7.8

CVE-2022-30527

  • EPSS 0.08%
  • Veröffentlicht 10.10.2023 11:15:10
  • Zuletzt bearbeitet 21.11.2024 07:02:52

A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application assigns improper access rights to specific folders containing executable files and libraries. This could allow an authenticated local attacker to inje...

8.5

CVE-2021-42550

Exploit
  • EPSS 2.6%
  • Veröffentlicht 16.12.2021 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:27:47

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.

8.8

CVE-2021-33729

  • EPSS 0.8%
  • Veröffentlicht 12.10.2021 10:15:12
  • Zuletzt bearbeitet 21.11.2024 06:09:27

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker that is able to import firmware containers to an affected system could execute arbitrary commands in the local database.

9

CVE-2021-33728

  • EPSS 1.99%
  • Veröffentlicht 12.10.2021 10:15:12
  • Zuletzt bearbeitet 21.11.2024 06:09:27

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected sof...

7.2

CVE-2021-33730

  • EPSS 1.31%
  • Veröffentlicht 12.10.2021 10:15:12
  • Zuletzt bearbeitet 21.11.2024 06:09:27

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

7.2

CVE-2021-33731

  • EPSS 1.31%
  • Veröffentlicht 12.10.2021 10:15:12
  • Zuletzt bearbeitet 21.11.2024 06:09:28

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

7.2

CVE-2021-33732

  • EPSS 0.76%
  • Veröffentlicht 12.10.2021 10:15:12
  • Zuletzt bearbeitet 21.11.2024 06:09:28

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.