CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44315
https://notcve.org/view.php?id=CVE-2023-44315
10 Oct 2023 — A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could prepare a stored cross-site scripting (XSS) attack that may lead to unintentional modification of application data by legitimate users. Se ha identificado una vulnerabilidad en SINEC NMS (Todas las versiones < V2.0). La aplicación afectada sanitiza incorrectamente ciertos ... • https://cert-portal.siemens.com/productcert/html/ssa-160243.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30527
https://notcve.org/view.php?id=CVE-2022-30527
10 Oct 2023 — A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application assigns improper access rights to specific folders containing executable files and libraries. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. Se ha identificado una vulnerabilidad en SINEC NMS (Todas las versiones < V2.0). La aplicación afectada asigna derechos de acceso indebidos a carpetas específicas que contienen librerías y archivos ejecutables. • https://cert-portal.siemens.com/productcert/html/ssa-160243.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.5EPSS: 2%CPEs: 17EXPL: 3CVE-2021-42550 – RCE from attacker with configuration edit priviledges through JNDI lookup
https://notcve.org/view.php?id=CVE-2021-42550
16 Dec 2021 — In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers. En logback versiones 1.2.7 y anteriores, un atacante con los privilegios necesarios para editar archivos de configuración podría diseñar una configuración maliciosa que permitiera ejecutar código arbitrario cargado desde servidores LDAP A flaw was found in the logback package. When using a special... • http://logback.qos.ch/news.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2021-33736
https://notcve.org/view.php?id=CVE-2021-33736
12 Oct 2021 — A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. Se ha identificado una vulnerabilidad en SINEC NMS (Todas las versiones anteriores a V1.0 SP2 Update 1). Un atacante autenticado con privilegios podría ejecutar comandos arbitrarios en la base de datos local mediante el envío de peticiones diseñadas al servidor ... • https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 9%CPEs: 4EXPL: 0CVE-2021-33734
https://notcve.org/view.php?id=CVE-2021-33734
12 Oct 2021 — A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. Se ha identificado una vulnerabilidad en SINEC NMS (Todas las versiones anteriores a V1.0 SP2 Update 1). Un atacante autenticado con privilegios podría ejecutar comandos arbitrarios en la base de datos local mediante el envío de peticiones diseñadas al servidor ... • https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2021-33735
https://notcve.org/view.php?id=CVE-2021-33735
12 Oct 2021 — A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. Se ha identificado una vulnerabilidad en SINEC NMS (Todas las versiones anteriores a V1.0 SP2 Update 1). Un atacante autenticado con privilegios podría ejecutar comandos arbitrarios en la base de datos local mediante el envío de peticiones diseñadas al servidor ... • https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 10%CPEs: 4EXPL: 0CVE-2021-33733
https://notcve.org/view.php?id=CVE-2021-33733
12 Oct 2021 — A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. Se ha identificado una vulnerabilidad en SINEC NMS (Todas las versiones anteriores a V1.0 SP2 Update 1). Un atacante autenticado con privilegios podría ejecutar comandos arbitrarios en la base de datos local mediante el envío de peticiones diseñadas al servidor ... • https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 9%CPEs: 4EXPL: 0CVE-2021-33732
https://notcve.org/view.php?id=CVE-2021-33732
12 Oct 2021 — A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. Se ha identificado una vulnerabilidad en SINEC NMS (Todas las versiones anteriores a V1.0 SP2 Update 1). Un atacante autenticado con privilegios podría ejecutar comandos arbitrarios en la base de datos local mediante el envío de peticiones diseñadas al servidor ... • https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 9%CPEs: 4EXPL: 0CVE-2021-33731
https://notcve.org/view.php?id=CVE-2021-33731
12 Oct 2021 — A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. Se ha identificado una vulnerabilidad en SINEC NMS (Todas las versiones anteriores a V1.0 SP2 Update 1). Un atacante autenticado con privilegios podría ejecutar comandos arbitrarios en la base de datos local mediante el envío de peticiones diseñadas al servidor ... • https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 9%CPEs: 4EXPL: 0CVE-2021-33730
https://notcve.org/view.php?id=CVE-2021-33730
12 Oct 2021 — A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application. Se ha identificado una vulnerabilidad en SINEC NMS (Todas las versiones anteriores a V1.0 SP2 Update 1). Un atacante autenticado con privilegios podría ejecutar comandos arbitrarios en la base de datos local mediante el envío de peticiones diseñadas al servidor ... • https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •