cvebase

Siemens Sinec Security Monitor vulnerabilities

7 known vulnerabilities affecting siemens/sinec_security_monitor.

Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 5

Vulnerabilities

CVE-2024-47553 | P2 | CRITICAL | CVSS 9.9 | fixed in V4.9.0 | 2024-10-08
CWE-88: A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate user input to the `ssmctl-client` command. This could allow an authenticated, lowly privileged remote attacker to execute arbitrary code with root privileges on the underlying OS.
nvd
CVE-2024-47562 | P3 | HIGH | CVSS 8.8 | fixed in V4.9.0 | 2024-10-08
CWE-77: A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly neutralize special elements in user input to the `ssmctl-client` command. This could allow an authenticated, lowly privileged local attacker to execute privileged commands in the underlying OS.
nvd
CVE-2025-40831 | P3 | MEDIUM | CVSS 6.5 | fixed in V4.10.0 | 2025-12-09
CWE-20: A vulnerability has been identified in SINEC Security Monitor (All versions < V4.10.0). The affected application lacks input validation of date parameter in report generation functionality. This could allow an authenticated, lowly privileged attacker to cause denial of service condition of the report functionality.
nvd
CVE-2025-40830 | P4 | MEDIUM | CVSS 6.7 | fixed in V4.10.0 | 2025-12-09
CWE-285: A vulnerability has been identified in SINEC Security Monitor (All versions < V4.10.0). The affected application does not have proper authorization checks for the file_transfer feature in `ssmctl-client` command. This could allow an authenticated, lowly privileged local attacker to read or write to any file on server or sensor.
nvd
CVE-2024-47563 | P4 | MEDIUM | CVSS 5.3 | fixed in V4.9.0 | 2024-10-08
CWE-22: A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate a file path that is supplied to an endpoint intended to create CSR files. This could allow an unauthenticated remote attacker to create files in writable directories outside the intended location and thus compromis
nvd
CVE-2024-47565 | P4 | MEDIUM | CVSS 4.3 | fixed in V4.9.0 | 2024-10-08
CWE-183: A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate that user input complies with a list of allowed values. This could allow an authenticated remote attacker to compromise the integrity of the configuration of the affected application.
nvd
CVE-2026-27661 | P4 | MEDIUM | CVSS 4.3 | fixed in V4.9.0 | 2026-03-10
CWE-1230: A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application leaks confidential information in metadata, and files such as information on contributors and email address, on `SSM Server`.
nvd