cbcvebase.

Siemens Sinec Nms vulnerabilities

61 known vulnerabilities affecting siemens/sinec_nms.

Total CVEs
61
CISA KEV
2
actively exploited
Public exploits
2
Exploited in wild
2
Severity breakdown
CRITICAL8HIGH42MEDIUM11

Vulnerabilities

Page 3 of 4
CVE-2021-33732HIGHCVSS 7.2fixed in 1.0v1.0+1 more2021-10-12
CVE-2021-33732 [HIGH] CWE-89 CVE-2021-33732: A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged au A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.
nvd
CVE-2021-33728HIGHCVSS 7.2fixed in 1.0v1.0+1 more2021-10-12
CVE-2021-33728 [HIGH] CWE-502 CVE-2021-33728: A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected sy A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a crafted serialized Java obje
nvd
CVE-2021-33731HIGHCVSS 7.2fixed in 1.0v1.0+1 more2021-10-12
CVE-2021-33731 [HIGH] CWE-89 CVE-2021-33731: A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged au A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.
nvd
CVE-2021-33734HIGHCVSS 7.2fixed in 1.0v1.0+1 more2021-10-12
CVE-2021-33734 [HIGH] CWE-89 CVE-2021-33734: A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged au A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.
nvd
CVE-2021-33735HIGHCVSS 7.2fixed in 1.0v1.0+1 more2021-10-12
CVE-2021-33735 [HIGH] CWE-89 CVE-2021-33735: A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged au A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.
nvd
CVE-2021-33733HIGHCVSS 7.2fixed in 1.0v1.0+1 more2021-10-12
CVE-2021-33733 [HIGH] CWE-89 CVE-2021-33733: A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged au A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.
nvd
CVE-2021-33729HIGHCVSS 8.8fixed in 1.0v1.0+1 more2021-10-12
CVE-2021-33729 [HIGH] CWE-89 CVE-2021-33729: A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticate A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker that is able to import firmware containers to an affected system could execute arbitrary commands in the local database.
nvd
CVE-2021-33726HIGHCVSS 7.5fixed in 1.0v1.0+1 more2021-10-12
CVE-2021-33726 [HIGH] CWE-22 CVE-2021-33726: A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected sy A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to download arbitrary files under a user controlled path and does not correctly check if the relative path is still within the intended target directory.
nvd
CVE-2021-33730HIGHCVSS 7.2fixed in 1.0v1.0+1 more2021-10-12
CVE-2021-33730 [HIGH] CWE-89 CVE-2021-33730: A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged au A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.
nvd
CVE-2021-33736HIGHCVSS 7.2fixed in 1.0v1.0+1 more2021-10-12
CVE-2021-33736 [HIGH] CWE-89 CVE-2021-33736: A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged au A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.
nvd
CVE-2021-33727MEDIUMCVSS 6.5fixed in 1.0v1.0+1 more2021-10-12
CVE-2021-33727 [MEDIUM] CWE-200 CVE-2021-33727: A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticate A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could download the user profile of any user. With this, the attacker could leak confidential information of any user in the affected system.
nvd
CVE-2021-33722MEDIUMCVSS 4.9fixed in 1.0v1.0+1 more2021-10-12
CVE-2021-33722 [MEDIUM] CWE-22 CVE-2021-33722: A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected sy A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system has a Path Traversal vulnerability when exporting a firmware container. With this a privileged authenticated attacker could create arbitrary files on an affected system.
nvd
CVE-2021-33723MEDIUMCVSS 6.5fixed in 1.0v1.0+1 more2021-10-12
CVE-2021-33723 [MEDIUM] CWE-285 CVE-2021-33723: A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticate A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could change the user profile of any user without proper authorization. With this, the attacker could change the password of any user in the affected system.
nvd
CVE-2021-40438CRITICALCVSS 9.0KEVPoCfixed in 1.0.32021-09-16
CVE-2021-40438 [CRITICAL] CWE-918 CVE-2021-40438: A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
nvd
CVE-2021-37200HIGHCVSS 7.7vAll versions < V1.0 SP12021-09-14
CVE-2021-37200 [HIGH] CWE-22 CVE-2021-37200: A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). An attacker with access A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). An attacker with access to the webserver of an affected system could download arbitrary files from the underlying filesystem by sending a specially crafted HTTP request.
nvd
CVE-2021-37201HIGHCVSS 8.8vAll versions < V1.0 SP12021-09-14
CVE-2021-37201 [HIGH] CWE-352 CVE-2021-37201: A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). The web interface of aff A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). The web interface of affected devices is vulnerable to a Cross-Site Request Forgery (CSRF) attack. This could allow an attacker to manipulate the SINEC NMS configuration by tricking an unsuspecting user with administrative privileges to click on a malicious link.
nvd
CVE-2021-33721HIGHCVSS 7.2vAll versions < V1.0 SP22021-08-10
CVE-2021-33721 [HIGH] CWE-78 CVE-2021-33721: A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2). The affected application A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2). The affected application incorrectly neutralizes special elements when creating batch operations which could lead to command injection. An authenticated remote attacker with administrative privileges could exploit this vulnerability to execute arbitrary code on the system with
nvd
CVE-2021-3449MEDIUMCVSS 5.9v1.02021-03-25
CVE-2021-3449 [MEDIUM] CWE-476 CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a cr
nvd
CVE-2020-25237HIGHCVSS 8.1vAll versions < V1.0 SP1 Update 12021-02-09
CVE-2020-25237 [HIGH] CWE-22 CVE-2020-25237: A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1 Update 1), SINEMA Server ( A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1 Update 1), SINEMA Server (All versions < V14.0 SP2 Update 2). When uploading files to an affected system using a zip container, the system does not correctly check if the relative file path of the extracted files is still within the intended target directory. With this an attacke
nvd
CVE-2020-7580MEDIUMCVSS 6.7vAll versions < V1.0 SP22020-06-10
CVE-2020-7580 [MEDIUM] CWE-428 CVE-2020-7580: A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Softwa
nvd
← Previous3 / 4Next →