CVE-2021-37201
published 2021-09-14CVE-2021-37201: A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). The web interface of affected devices is vulnerable to a Cross-Site Request Forgery…
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). The web interface of affected devices is vulnerable to a Cross-Site Request Forgery (CSRF) attack. This could allow an attacker to manipulate the SINEC NMS configuration by tricking an unsuspecting user with administrative privileges to click on a malicious link.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | sinec_network_management_system | < 1.0 | 1.0 |
| siemens | sinec_network_management_system | — | — |
| siemens | sinec_nms | — | — |