CVE-2024-47808

CWE-732Incorrect Permission Assignment4 documents4 sources
Severity
8.3HIGH
EPSS
0.1%
top 76.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Siemens Sinec NMS
Timeline
PublishedNov 12
Latest updateApr 15

Description

A vulnerability has been identified in SINEC NMS (All versions < V3.0 SP1). The affected application contains a database function, that does not properly restrict the permissions of users to write to the filesystem of the host system. This could allow an authenticated medium-privileged attacker to write arbitrary content to any location in the filesystem of the host system.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H

Affected Packages2 packages

CVEListV5siemens/sinec_nms< V3.0 SP1
NVDsiemens/sinec_nms< 3.0+1

Patches

Patch: cert-portal.siemens.com

🔴Vulnerability Details

2
GHSA
GHSA-pjpw-9hx5-m28p: A vulnerability has been identified in SINEC NMS (All versions < V32024-11-12
CVEList
CVE-2024-47808: A vulnerability has been identified in SINEC NMS (All versions < V32024-11-12

💥Exploits & PoCs

1
Exploit-DB
ABB Cylon Aspect 3.08.02 (bbmdUpdate.php) - Remote Code Execution2025-04-15
CVE-2024-47808 (HIGH CVSS 8.3) | A vulnerability has been identified | cvebase.io