Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Sinec_nms
(Siemens)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 31 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-08-13 | CVE-2024-41938 | A vulnerability has been identified in SINEC NMS (All versions < V3.0). The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allow an authenticated attacker it to delete arbitrary certificate files on the drive SINEC NMS is installed on. | Sinec_nms | 3.8 | ||
| 2024-08-13 | CVE-2024-36398 | A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application executes a subset of its services as `NT AUTHORITY\SYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges. | Sinec_nms | 7.8 | ||
| 2024-08-13 | CVE-2024-41939 | A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and elevate their privileges on the application. | Sinec_nms | 8.8 | ||
| 2024-08-13 | CVE-2024-41940 | A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges. | Sinec_nms | 9.1 | ||
| 2024-08-13 | CVE-2024-41941 | A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and modify settings in the application without authorization. | Sinec_nms | 4.3 |