CVE-2021-37200 — Path Traversal in Siemens Sinec Network Management System

CWE-22 — Path Traversal3 documents3 sources

Severity

7.7HIGHNVD

EPSS

2.3%

top 15.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Sinec Network Management System Siemens Sinec NMS

Timeline

PublishedSep 14

Latest updateMay 24

Description

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). An attacker with access to the webserver of an affected system could download arbitrary files from the underlying filesystem by sending a specially crafted HTTP request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 3.1 | Impact: 4.0

Affected Packages2 packages

▶NVDsiemens/sinec_network_management_system< 1.0+1

▶CVEListV5siemens/sinec_nmsAll versions < V1.0 SP1

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-fx3m-586f-fprw: A vulnerability has been identified in SINEC NMS (All versions < V1↗2022-05-24

▶

CVEList

CVE-2021-37200: A vulnerability has been identified in SINEC NMS (All versions < V1↗2021-09-14

▶