Siemens Sinema Server V14 vulnerabilities

4 known vulnerabilities affecting siemens/sinema_server_v14.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3

Vulnerabilities

CVE-2023-35796 | CRITICAL | CVSS 9.0 | All versions | 2023-10-10
CVE-2023-35796 [HIGH] CWE-79: A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead to arbitrary code execution with `SYSTEM` privileges
Sources: cvelistv5, nvd
CVE-2022-25311 | HIGH | CVSS 8.8 | All versions | 2022-03-08
CVE-2022-25311 [HIGH] CWE-269: A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software does not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user
Sources: cvelistv5, nvd
CVE-2022-24282 | HIGH | CVSS 7.2 | All versions | 2022-03-08
CVE-2022-24282 [HIGH] CWE-502: A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected system allows uploading JSON objects that are deserialized to Java objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could ex
Sources: cvelistv5, nvd
CVE-2022-24281 | HIGH | CVSS 7.2 | All versions | 2022-03-08
CVE-2022-24281 [HIGH] CWE-89: A vulnerability has been identified in SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected application.
Sources: cvelistv5, nvd