CVE-2016-6486
Siemens SINEMA Server Insecure File Permissions Privilege Escalation Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Siemens SINEMA Server uses weak permissions for the application folder, which allows local users to gain privileges via unspecified vectors.
Siemens SINEMA Server utiliza permisos débiles para la carpeta de aplicación, lo que permite a usuarios locales obtener privilegios a través de vectores no especificados.
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Siemens SINEMA Server. Authentication is required to exploit this vulnerability.
The specific flaw exists within the configuration of the product. The executables for new system services are stored in directories for which all users have full control allowing for new executables to be swapped for the system service executables. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-07-28 CVE Reserved
- 2016-08-08 CVE Published
- 2024-08-06 CVE Updated
- 2024-09-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/92254 | Vdb Entry | |
| http://www.zerodayinitiative.com/advisories/ZDI-16-478 | X_refsource_misc |
|
| https://ics-cert.us-cert.gov/advisories/ICSA-16-215-02 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-321174.pdf | 2016-11-28 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Siemens Search vendor "Siemens" | Sinema Server Search vendor "Siemens" for product "Sinema Server" | - | - |
Affected
| ||||||