CVE-2021-33723Improper Authorization in Siemens Sinec NMS

CWE-285Improper Authorization3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 55.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Siemens Sinec NMS
Timeline
PublishedOct 12
Latest updateMay 24

Description

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could change the user profile of any user without proper authorization. With this, the attacker could change the password of any user in the affected system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDsiemens/sinec_nms< 1.0+1
CVEListV5siemens/sinec_nmsAll versions < V1.0 SP2 Update 1

Patches

Patch: cert-portal.siemens.comPatch: cert-portal.siemens.com

🔴Vulnerability Details

2
GHSA
GHSA-pmr7-g2c9-7xhw: A vulnerability has been identified in SINEC NMS (All versions < V12022-05-24
CVEList
CVE-2021-33723: A vulnerability has been identified in SINEC NMS (All versions < V12021-10-12
CVE-2021-33723 — Improper Authorization in Siemens | cvebase