CVE-2022-30527

CWE-732Incorrect Permission Assignment3 documents3 sources
Severity
7.8HIGH
EPSS
0.1%
top 76.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Siemens Sinec NMS
Timeline
PublishedOct 10

Description

A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application assigns improper access rights to specific folders containing executable files and libraries. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5siemens/sinec_nms< V2.0

Patches

Patch: cert-portal.siemens.comPatch: cert-portal.siemens.com

🔴Vulnerability Details

2
CVEList
CVE-2022-30527: A vulnerability has been identified in SINEC NMS (All versions < V22023-10-10
GHSA
GHSA-qxpm-cp83-p72g: A vulnerability has been identified in SINEC NMS (All versions < V22023-10-10
CVE-2022-30527 (HIGH CVSS 7.8) | A vulnerability has been identified | cvebase.io